Chapter 10

Analyzing Indicators of Compromise and Formulating an Appropriate Response

This chapter covers the following topics:

  • Indicators of compromise: This section covers packet capture (PCAP), network logs, vulnerability logs, operating system logs, access logs, NetFlow logs, notifications (including FIM alerts, SIEM alerts, DLP alerts, IDS/IPS alerts, and antivirus alerts), notification severity/priorities, and unusual process activity.

  • Response: This section describes firewall rules, IPS/IDS rules, ACL rules, signature rules, behavior rules, DLP rules, and scripts/regular expressions.

This chapter covers CAS-004 Objective 2.2 Given a scenario, analyze indicators of compromise and formulate an appropriate response.

Formulating an appropriate ...

Get CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.