Intelligence-Driven Incident Response: Outwitting the Adversary by Scott J Roberts & Rebekah Brown
Author:Scott J Roberts & Rebekah Brown [Roberts, Scott J]
Language: eng
Format: azw3
Publisher: O'Reilly Media
Published: 2017-08-21T04:00:00+00:00
Gathering Information
Depending on how you manage your incident-response data, it is entirely possible that the most difficult part of the Exploit phase will be finding the important bits of intelligence from the investigation. When it comes to gathering incident-response data, we have seen it all — from elaborate systems, to Excel spreadsheets, to Post-It notes with IP addresses stuck to a whiteboard. There is no wrong way to gather that data, but if you want to be able to extract it so that it can be analyzed and used in the future, there are certainly some ways to make the process easier.
When you are dealing with exploiting information from a previous incident, you are often limited in the data that you have available. One of the goals of intelligence-driven incident response is to ensure that the incident-response process captures the information needed for intelligence analysis, but if you are just beginning the process of integrating operations and intelligence, you may not have been able to influence what information was gathered (yet). A good starting point for the Exploit phase is to understand exactly what you have available. We have found that the information that is currently available usually falls into one of two categories: high-level information, and technical details such as malware analysis.
If you have only high-level information in the form of a narrative about the incident, you will be looking at extracting strategic-level details, as opposed to if you have access to detailed malware analysis, from which you can extract tactical-level details about the malware’s functionality. Initially, you may have access to only one level of information or the other, but ideally, as you implement this process in your organization, you will be able to gather both the technical details of an incident as well as the strategic information on the information targeted and what the impact was. Being able to combine information across all the levels is one of the things that makes intelligence most powerful.
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Algorithms of the Intelligent Web by Haralambos Marmanis;Dmitry Babenko(8332)
Test-Driven Development with Java by Alan Mellor(7000)
Data Augmentation with Python by Duc Haba(6920)
Principles of Data Fabric by Sonia Mezzetta(6654)
Learn Blender Simulations the Right Way by Stephen Pearson(6563)
Microservices with Spring Boot 3 and Spring Cloud by Magnus Larsson(6426)
Hadoop in Practice by Alex Holmes(5973)
Jquery UI in Action : Master the concepts Of Jquery UI: A Step By Step Approach by ANMOL GOYAL(5828)
RPA Solution Architect's Handbook by Sachin Sahgal(5819)
The Infinite Retina by Robert Scoble Irena Cronin(5518)
Big Data Analysis with Python by Ivan Marin(5496)
Life 3.0: Being Human in the Age of Artificial Intelligence by Tegmark Max(5181)
Pretrain Vision and Large Language Models in Python by Emily Webber(4457)
Infrastructure as Code for Beginners by Russ McKendrick(4244)
Functional Programming in JavaScript by Mantyla Dan(4058)
The Age of Surveillance Capitalism by Shoshana Zuboff(3979)
WordPress Plugin Development Cookbook by Yannick Lefebvre(3953)
Embracing Microservices Design by Ovais Mehboob Ahmed Khan Nabil Siddiqui and Timothy Oleson(3753)
Applied Machine Learning for Healthcare and Life Sciences Using AWS by Ujjwal Ratan(3727)
