Chapter 10

Analyzing Indicators of Compromise and Formulating an Appropriate Response

This chapter covers the following topics:

  • Indicators of compromise: This section covers packet capture (PCAP), network logs, vulnerability logs, operating system logs, access logs, NetFlow logs, notifications (including FIM alerts, SIEM alerts, DLP alerts, IDS/IPS alerts, and antivirus alerts), notification severity/priorities, and unusual process activity.

  • Response: This section describes firewall rules, IPS/IDS rules, ACL rules, signature rules, behavior rules, DLP rules, and scripts/regular expressions.

This chapter covers CAS-004 Objective 2.2 Given a scenario, analyze indicators of compromise and formulate an appropriate response.

Formulating an appropriate ...

Get CompTIA Advanced Security Practitioner (CASP+) CAS-004 Cert Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial