Chapter 14

Classifying Intrusion Events into Categories

This chapter covers the following topics:

Diamond Model of Intrusion

Cyber Kill Chain Model

The Kill Chain vs. MITRE’s ATT&CK

Now that we have covered how to analyze data and events, let’s look at how to categorize an incident that is identified during the monitoring process. A security incident is any event that threatens the security, confidentiality, integrity, or availability of something of value, such as assets, technical systems, networks, and so on. Events that can be identified as threats and would trigger an incident include violations of security policies, user policies, or general security practices. Examples would be gaining unauthorized access to a system, denying services, ...
