Analyzing Indicators of Compromise and Formulating an Appropriate Response
This chapter covers the following topics:
Indicators of compromise: This section covers packet capture (PCAP), network logs, vulnerability logs, operating system logs, access logs, NetFlow logs, notifications (including FIM alerts, SIEM alerts, DLP alerts, IDS/IPS alerts, and antivirus alerts), notification severity/priorities, and unusual process activity.
Response: This section describes firewall rules, IPS/IDS rules, ACL rules, signature rules, behavior rules, DLP rules, and scripts/regular expressions.
This chapter covers CAS-004 Objective 2.2 Given a scenario, analyze indicators of compromise and formulate an appropriate response.
Formulating an appropriate ...