My key takeaways
- management wants to know what, not how
- IR plan aka policy
- IR playbook aka process
- microplays aka procedures
- microplays are the actual steps to be taken in response to an incident
- you don’t plan while under stress
- that’s when a playbook becomes handy
- even if every incident and every environment is unique, the usual process is mostly the same and can be written down in a playbook
- an incident commander connects the C-Level and the IR team
Env
- Provided by Wild West Hackin’ Fest
Speaker
Additional links
- https://www.youtube.com/c/WildWestHackinFest/
- https://gitlab.com/syntax-ir/playbooks/-/tree/main/
- https://incidentresponse.com
- https://ayehu.com
- https://atc-project.github.io/atc-react/
- https://docs.microsoft.com/en-us/security/compass/incident-response-playbooks
- https://github.com/austinsonger/Incident-Playbook
User comments
- Fraggle780 — today at 19:41
yes – contain is isolation, eradicate is nuking from orbit
- SilentTom — today at 19:43
Please don't power down. You make us forensic analysts very sad ;-)
- MaliciousPackage — today at 19:49
Awwww why so much hate for the red team?
- Velda | The Deputy — today at 19:50
They're offensive 😄