“I am pleased to dedicate this emergency warning system. In the, uh, off chance of a nuclear disaster, this sign will tell you, the good citizens of Springfield, what to do.”
--Mayor Diamond Joe Quimby
After you have identified anomalous behavior on a host, you still have to deal with it. It is tempting to spend the majority of your time configuring your monitoring and auditing tools. However, if you do not respond quickly and accurately, you may do more harm than the incident that sparked your response. Too often a company is able to detect an intrusion within minutes, only to follow up with a multi-day response that flails around and accomplishes little.
This chapter provides some groundwork to help you tune your ...