Incident Response

Synopsis of the Incident:

Date and Time (Timeline)

Infected Assets:

Affected Users: [asset name : username]

Containment Status:

Remediation Status:

Artifact Collection Status:

  • Endpoint

  • Event logs

  • Network logs

  • System memory

  • Registry changes

  • Was memory acquired with a forensic memory-acquisition tool?

  • Was the affected asset itself collected and preserved?

Incident impact analysis:

  • Was data compromised?

  • Were credentials compromised?

  • Is the system inaccessible?

  • Was data exfiltrated?

  • Is ransomware present on the network?

Indicators of attack and compromise:

  • Initial payload delivery

  • Payload execution

  • Information gathering

  • C2 communication

  • Lateral movement

  • IOCs (indicators of compromise)

  • IOAs (indicators of attack)

  • Complete TTPs (tactics, techniques and procedures)

  • Map to the MITRE ATT&CK tactics:

    • Reconnaissance

    • Resource Development

    • Initial Access

    • Execution

    • Persistence

    • Privilege Escalation

    • Defense Evasion

    • Credential Access

    • Discovery

    • Lateral Movement

    • Collection

    • Command and Control

    • Exfiltration

    • Impact
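One way to produce the "complete TTPs" entry for the indicators section above is to resolve the technique IDs observed during the incident against the ATT&CK STIX data referenced at the end of this page and group them by tactic. The script below is an added example, not part of the original template: SAMPLE_BUNDLE is a hand-built subset laid out like the JSON in mitre-attack/attack-stix-data (attack-pattern objects carrying a mitre-attack external_id and kill_chain_phases), the technique IDs and names are real ATT&CK entries, OBSERVED is a hypothetical incident, and T0000 is a deliberately invalid ID used to show the unmapped path.

```python
"""Map the techniques observed in an incident onto MITRE ATT&CK tactics.

Added example, not part of the original template. SAMPLE_BUNDLE is a
hand-built subset laid out like the JSON in mitre-attack/attack-stix-data
(attack-pattern objects carrying a mitre-attack external_id and
kill_chain_phases). The technique IDs and names are real ATT&CK entries;
OBSERVED is a hypothetical incident and T0000 is a deliberately invalid ID.
"""
import json
from collections import defaultdict

# Tactic order used for the TTP section of the report (ATT&CK Enterprise).
TACTIC_ORDER = [
    "reconnaissance", "resource-development", "initial-access", "execution",
    "persistence", "privilege-escalation", "defense-evasion",
    "credential-access", "discovery", "lateral-movement", "collection",
    "command-and-control", "exfiltration", "impact",
]


def load_bundle(path):
    """Load a STIX bundle file such as enterprise-attack.json from the repo."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def build_technique_index(bundle):
    """Index live attack-pattern objects by ATT&CK ID -> {name, tactics}."""
    index = {}
    for obj in bundle["objects"]:
        if obj.get("type") != "attack-pattern":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue  # keep retired techniques out of the report
        attack_id = next((r["external_id"] for r in obj.get("external_references", [])
                          if r.get("source_name") == "mitre-attack"), None)
        if attack_id is None:
            continue
        tactics = [p["phase_name"] for p in obj.get("kill_chain_phases", [])
                   if p.get("kill_chain_name") == "mitre-attack"]
        index[attack_id] = {"name": obj["name"], "tactics": tactics}
    return index


def map_ttps(observed_ids, index):
    """Group observed technique IDs by tactic, in TACTIC_ORDER.

    Returns (by_tactic, unknown). A technique tied to two tactics (for
    example T1547.001) is listed under both; IDs absent from the bundle
    are returned separately so the analyst can see what is still unmapped.
    """
    by_tactic = defaultdict(list)
    unknown = []
    for tid in observed_ids:
        entry = index.get(tid)
        if entry is None:
            unknown.append(tid)
            continue
        for tactic in entry["tactics"]:
            by_tactic[tactic].append((tid, entry["name"]))
    ordered = {t: by_tactic[t] for t in TACTIC_ORDER if t in by_tactic}
    return ordered, unknown


def render_ttp_section(ordered, unknown):
    """Format the mapping as plain-text lines for the report."""
    lines = ["Complete TTPs (MITRE ATT&CK):"]
    for tactic, techniques in ordered.items():
        lines.append(f"  {tactic}:")
        lines.extend(f"    {tid} {name}" for tid, name in techniques)
    if unknown:
        lines.append("  unmapped IDs (check for typos or deprecation): " + ", ".join(unknown))
    return lines


def _attack_pattern(attack_id, name, *tactics):
    """Minimal attack-pattern object in attack-stix-data layout (other fields trimmed)."""
    return {
        "type": "attack-pattern",
        "name": name,
        "x_mitre_is_subtechnique": "." in attack_id,
        "external_references": [{"source_name": "mitre-attack", "external_id": attack_id,
                                 "url": "https://attack.mitre.org/techniques/"
                                        + attack_id.replace(".", "/")}],
        "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": t}
                              for t in tactics],
    }


# Constructed subset of the Enterprise bundle.
SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    _attack_pattern("T1566.001", "Spearphishing Attachment", "initial-access"),
    _attack_pattern("T1204.002", "Malicious File", "execution"),
    _attack_pattern("T1059.001", "PowerShell", "execution"),
    _attack_pattern("T1547.001", "Registry Run Keys / Startup Folder",
                    "persistence", "privilege-escalation"),
    _attack_pattern("T1082", "System Information Discovery", "discovery"),
    _attack_pattern("T1071.001", "Web Protocols", "command-and-control"),
    _attack_pattern("T1021.002", "SMB/Windows Admin Shares", "lateral-movement"),
    _attack_pattern("T1486", "Data Encrypted for Impact", "impact"),
]}

# Hypothetical chain: payload delivery, execution, persistence, information
# gathering, C2, lateral movement, impact, plus one invalid ID.
OBSERVED = ["T1566.001", "T1204.002", "T1059.001", "T1547.001", "T1082",
            "T1071.001", "T1021.002", "T1486", "T0000"]

if __name__ == "__main__":
    idx = build_technique_index(SAMPLE_BUNDLE)
    print("\n".join(render_ttp_section(*map_ttps(OBSERVED, idx))))
```

Against the real data, pass the enterprise-attack.json bundle from the referenced repository through load_bundle and build_technique_index instead of SAMPLE_BUNDLE; the revoked/deprecated filter matters there, because old reports often carry IDs that have since been folded into other techniques.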

Analysis

  • Hashes

  • Timestamps

  • Detections by AV

  • Complete TTPs
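The "Date and Time (Timeline)" item near the top and the hashes and timestamps items in the Analysis list both depend on the same discipline: every timestamp must be converted to UTC before events from different sources are ordered, and every collected artifact needs a recorded hash. The script below is an added example, not part of the original template; its log lines, hostnames, addresses and artifact bytes are constructed samples, and the assumption that the event-log export carries the host's local time (UTC-05:00 here) while the proxy writes ISO 8601 with an offset and the EDR writes epoch seconds is stated in the code.

```python
"""Build a UTC-normalised incident timeline and hash the collected artifacts.

Added example, not part of the original template. All log lines, hosts,
addresses and the artifact bytes are constructed samples. The event-log
export is assumed to carry the host's local time (UTC-05:00 here); the
proxy writes ISO 8601 with an offset and the EDR writes epoch seconds.
"""
import hashlib
from datetime import datetime, timedelta, timezone

HOST_LOCAL_TZ = timezone(timedelta(hours=-5))  # assumed zone of the exported event log


def to_utc(when):
    """Refuse naive timestamps: an unlabelled time cannot be placed on the timeline."""
    if when.tzinfo is None:
        raise ValueError("timestamp has no time zone; record the source zone first")
    return when.astimezone(timezone.utc)


def parse_event_log(line):
    # Constructed layout: "<local time>|<EventID>|<host>|<message>"
    ts, event_id, host, msg = line.split("|", 3)
    local = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=HOST_LOCAL_TZ)
    return to_utc(local), "eventlog", host, f"EventID {event_id}: {msg}"


def parse_proxy_log(line):
    # Constructed layout: "<ISO 8601 with offset> <src-ip> <dst-host> <bytes>"
    ts, src, dst, nbytes = line.split()
    return to_utc(datetime.fromisoformat(ts)), "proxy", src, f"{dst} ({nbytes} bytes)"


def parse_edr_event(record):
    # Constructed layout: dict with epoch seconds, which are already UTC
    when = datetime.fromtimestamp(record["ts"], tz=timezone.utc)
    return when, "edr", record["host"], f'{record["process"]} {record["cmdline"]}'


def build_timeline(eventlog_lines, proxy_lines, edr_records):
    """Return (utc_time, source, host_or_ip, detail) tuples sorted by time."""
    events = [parse_event_log(line) for line in eventlog_lines]
    events += [parse_proxy_log(line) for line in proxy_lines]
    events += [parse_edr_event(rec) for rec in edr_records]
    return sorted(events, key=lambda e: e[0])


def artifact_record(name, data):
    """Hashes for the Analysis section; md5 is kept only to match older AV reports."""
    return {
        "name": name,
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def render_timeline(events):
    return [f"{t.strftime('%Y-%m-%dT%H:%M:%SZ')} [{src}] {who}: {detail}"
            for t, src, who, detail in events]


# Constructed samples. Local 09:15:02 at UTC-05:00 is 14:15:02Z, which is why
# sorting on the raw strings would misplace it relative to the other sources.
EVENTLOG_LINES = [
    "2024-03-04 09:22:41|4624|FS-01|Logon type 3 from WS-042",
    "2024-03-04 09:15:02|4688|WS-042|New process: WINWORD.EXE",
]
PROXY_LINES = ["2024-03-04T15:16:05+01:00 10.20.30.42 update-check.example.net 1342"]
EDR_RECORDS = [{"ts": 1709561730, "host": "WS-042",
                "process": "powershell.exe", "cmdline": "-nop -w hidden"}]
ARTIFACT = ("invoice.docm", b"constructed sample bytes, not real malware")

if __name__ == "__main__":
    print("\n".join(render_timeline(build_timeline(EVENTLOG_LINES, PROXY_LINES, EDR_RECORDS))))
    print(artifact_record(*ARTIFACT))
```

The deliberate ValueError in to_utc is the check worth keeping: a timestamp whose source zone was never recorded should block the timeline rather than be silently treated as UTC, because a five-hour error is enough to reverse the apparent order of the initial execution and the lateral-movement logon.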

References:

https://github.com/mitre-attack/attack-stix-data
