Incident Response Plan: Frameworks and Steps - CrowdStrike
Incident Response Plan: Frameworks and Steps - CrowdStrike
This document discusses incident response frameworks and steps, specifically focusing on the frameworks developed by NIST and SANS. It compares the two frameworks and highlights the importance of preparation in incident response. The document also emphasizes the need for defining the CSIRT, developing and updating a plan, acquiring and maintaining the proper infrastructure and tools, improving skills and supporting training, and possessing up-to-date threat intelligence capabilities. It further explains the steps of detection and analysis, containment, eradication, and recovery, as well as post-incident activities. The document concludes by mentioning CrowdStrike's incident response services and providing information about the author.
redcanaryco/invoke-atomicredteam: Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder] of Red Canary's Atomic Red Team project.
redcanaryco/invoke-atomicredteam: Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder] of Red Canary's Atomic Red Team project.
Invoke-AtomicRedTeam is a PowerShell module that allows you to execute tests defined in the atomics folder of Red Canary's Atomic Red Team project. It is important to understand the tests before executing them and ensure you have permission to test. It is recommended to set up a test machine similar to your environment and have your collection/EDR solution in place. Complete installation and usage instructions can be found in the Wiki.
Quickstart · Wazuh :The Open Source Security Platform Unified XDR and SIEM
Quickstart · Wazuh :The Open Source Security Platform Unified XDR and SIEM
Wazuh is an open-source security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. It consists of a universal agent and three central components: the Wazuh server, indexer, and dashboard. The hardware requirements for a quickstart deployment depend on the number of protected endpoints, and the supported operating systems are 64-bit Linux distributions. The installation process involves running the Wazuh installation assistant and accessing the web interface with the provided credentials. After installation, the next step is to deploy the Wazuh agent to protect various devices and environments.
6 Steps to Accelerate Cybersecurity Incident Response
6 Steps to Accelerate Cybersecurity Incident Response
This article outlines a six-step framework for accelerating cybersecurity incident response. The steps include preparation, identification, containment, eradication, recovery, and lessons learned. The importance of training, establishing a response strategy, and leveraging technology such as endpoint detection and response (EDR) platforms are highlighted. The article also emphasizes the need for continuous improvement and the role of investigation in the incident response process.