9

What Happens After an Alert is Triggered?

Once an alert is triggered, a defined set of actions should follow. This chapter will discuss those sets of actions, how to create playbooks, how to ultimately triage alerts, and examples of poorly created detections and their consequences. These are practical examples that can be applied immediately to your environments if they aren’t already in place. This chapter shows a variety of strategies for the actions that can be taken and for creating playbooks.

This chapter will look at the following topics:

  • What’s next? Example playbooks and how to create them
  • Templates for playbooks and best practices

Technical requirements

For this specific chapter, there are no installations or specific technologies that ...
