# Initial Response Procedure

## 1. Detection & Analysis

1. Verify the incident is not a false positive
2. Document initial findings
3. Determine severity level

## 2. Initial Containment

- Isolate affected systems from the network
- Preserve evidence (do not power off if possible)
- Document system state
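
The containment steps above call for preserving evidence and documenting system state; the script below, an added example and not part of this runbook, captures the volatile state of an affected host into a timestamped evidence directory and hashes every artifact so later tampering is detectable. It assumes POSIX sh and common Unix tools (ps, ss or netstat, ip or ifconfig, sha256sum or shasum); a missing tool is recorded as a failed collector rather than aborting the run.

```shell
#!/bin/sh
# Added example, not part of the original runbook: capture the volatile state of
# an affected host into a timestamped evidence directory and hash the output, so
# "Document system state" and "Preserve evidence" happen before anything that
# would alter them (isolation, reboots). Assumes POSIX sh and common Unix tools;
# a missing tool is recorded in the evidence rather than aborting the run.

# hash_files <args...>: sha256sum where available, shasum as the fallback.
hash_files() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$@"; else shasum -a 256 "$@"; fi
}

# run_collector <dir> <name> <command>: run one collector, keep stdout and stderr,
# and record the exit status so failures are documented, not hidden.
run_collector() {
    dir=$1; name=$2; cmd=$3; status=0
    {
        printf '# command: %s\n# collected (UTC): %s\n' "$cmd" "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        sh -c "$cmd" || status=$?
        printf '# exit status: %s\n' "$status"
    } > "$dir/$name.txt" 2>&1
}

# collect_system_state <base_dir>: writes one file per collector plus a SHA-256
# manifest and prints the evidence directory path. Collectors run most-volatile
# first (RFC 3227 order of volatility).
collect_system_state() {
    host=$(hostname 2>/dev/null || uname -n)
    out="${1:-./evidence}/$host-$(date -u +%Y%m%dT%H%M%SZ)"
    mkdir -p "$out" || return 1
    run_collector "$out" "01_time_uptime"     "date -u; uptime"
    run_collector "$out" "02_logged_in_users" "who; w"
    run_collector "$out" "03_processes"       "ps -ef"
    run_collector "$out" "04_sockets"         "ss -tunap || netstat -tunap"
    run_collector "$out" "05_interfaces"      "ip addr || ifconfig -a"
    run_collector "$out" "06_routes"          "ip route || netstat -rn"
    run_collector "$out" "07_mounts"          "mount"
    # Hash every artifact so later modification of the evidence set is detectable.
    ( cd "$out" && hash_files *.txt ) > "$out/MANIFEST.sha256"
    printf '%s\n' "$out"
}

# verify_manifest <evidence_dir>: returns 0 only if every artifact still matches.
verify_manifest() {
    ( cd "$1" && hash_files -c MANIFEST.sha256 ) >/dev/null 2>&1
}
```

Socket and login state is lost once the host is cut off from the network, so run the capture as early as the containment plan allows and copy the evidence directory off the host before isolating it.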

## Severity Levels

| Level | Description | Response Time |
|-------|-------------|---------------|
| Critical | Active breach, data exfiltration | Immediate |
| High | Confirmed malware, unauthorized access | 1 hour |
| Medium | Suspected intrusion, investigation needed | 4 hours |
| Low | Policy violation, minor anomaly | 24 hours |