[Security Content] Investigation Guides Line breaks refactor (#2412)
* [Security Content] Investigation Guides Line break refactor
* undo updated_date bump on deprecated rules
* Remove duplicated key
@@ -48,8 +48,7 @@ Initiate the incident response process based on the outcome of the triage.
- Implement temporary network rules, procedures, and segmentation to contain the malware.
- Stop suspicious processes.
- Immediately block the identified indicators of compromise (IoCs).
- Inspect the affected systems for additional malware backdoors like reverse shells, reverse proxies, or droppers that
attackers could use to reinfect the system.
- Inspect the affected systems for additional malware backdoors like reverse shells, reverse proxies, or droppers that attackers could use to reinfect the system.
- If the triage revelaed defence evasion for imparing defenses
- Isolate the involved host to prevent further post-compromise behavior.
- Identified the disabled security guard components on the host and take necessary steps in renebaling the same.
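Review bot: the unchanged context lines in this hunk carry typos that the refactor leaves in place, and since this commit is already rewriting these guide lines it should fix them here rather than in a follow-up. "If the triage revelaed defence evasion for imparing defenses" should read "If the triage revealed defense evasion for impairing defenses" (and, as it introduces the two sub-bullets that follow, should end with a colon), and "Identified the disabled security guard components on the host and take necessary steps in renebaling the same." should read "Identify the disabled security components on the host and take the necessary steps to re-enable them." The merged bullet itself is fine: "droppers that attackers could use to reinfect the system." keeps the space where the old line break was, which is the one thing to check on every joined line in this refactor.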
@@ -62,8 +61,7 @@ Initiate the incident response process based on the outcome of the triage.
- Intiate compromised credential deactivation and credential rotation process for all exposed crednetials.
- Investiagte if any IPR data was accessed during the data crawling and take appropriate actions.
- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.
- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the
mean time to respond (MTTR).
- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).
## Setup
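Review bot: same problem with the context lines in this hunk. "Intiate compromised credential deactivation and credential rotation process for all exposed crednetials." should read "Initiate the compromised-credential deactivation and rotation process for all exposed credentials.", and "Investiagte if any IPR data was accessed" should read "Investigate whether any IPR data was accessed". "IPR" is not expanded anywhere in the visible lines; spell it out on first use, since responders read these guides under time pressure. The merged MTTD/MTTR bullet is correct ("...(MTTD) and the mean time to respond (MTTR)." keeps the space at the old break).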