Incident Response Flashcards
Incident
An event that violates an explicit or implied security policy.
Incident Response Process Order
Preparation, Detection, Analysis, Containment, Eradication, Recovery, Lessons Learned (post-incident review).
Threat Hunting
A proactive method of searching for threats that evaded regular security monitoring.
Advisories and Bulletins
Published by vendors and security researchers when new vulnerabilities and attacker TTPs (tactics, techniques and procedures) are discovered.
Intelligence Fusion and Threat Data
Uses SIEM and analytics platforms to correlate log data with threat intelligence so that real-world threats show up as alerts rather than staying buried in the logs.
Tabletop Exercise (TTX)
A discussion-based exercise in which participants walk through a simulated incident, with facilitators supplying controlled feedback.
Digital Forensics
The process of collecting, preserving and analyzing data from digital devices so that it can be used as evidence.
Disk Imaging
A bit-by-bit (physical) or logical copy of a storage device; source and image are hashed so the copy can be shown to be exact and unaltered.
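The integrity check behind a disk image, as an added example (not from the original flashcards): the source is hashed while it is copied block by block, the finished image is hashed again from disk, and a later check against the recorded hash detects any change to the image. The pseudo-device is a constructed temporary file; in real use the source is a block device opened behind a write blocker.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # copy in 1 MiB blocks, the equivalent of dd bs=1M


def sha256_of(path):
    """Hash a file in fixed-size blocks so an image larger than RAM can be verified."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def image_device(source, dest):
    """Bit-for-bit copy of `source` into `dest`; returns (source_hash, image_hash).

    The source is hashed as it is read (what `dd if=... | tee image | sha256sum`
    does) and the finished image is hashed again from disk, so the two values
    prove the copy is exact without a second pass over the evidence drive.
    """
    h = hashlib.sha256()
    with open(source, "rb") as src, open(dest, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    return h.hexdigest(), sha256_of(dest)


def verify_image(image_path, recorded_hash):
    """True only if the image on disk still matches the hash taken at acquisition."""
    return sha256_of(image_path) == recorded_hash


def demo(tmpdir=None):
    """Constructed example: a ~3 MiB pseudo-device with a repeating byte pattern."""
    tmpdir = tmpdir or tempfile.mkdtemp()
    device = os.path.join(tmpdir, "sdb.raw")  # hypothetical device name
    image = os.path.join(tmpdir, "sdb.dd")
    with open(device, "wb") as f:
        f.write(bytes(range(256)) * 12289)  # odd size: exercises the final partial block

    source_hash, image_hash = image_device(device, image)
    intact = verify_image(image, source_hash)

    # Flip one byte in the image: any later verification must fail.
    with open(image, "r+b") as f:
        f.seek(1234567)
        original = f.read(1)
        f.seek(1234567)
        f.write(bytes([original[0] ^ 0xFF]))
    tampered_ok = verify_image(image, source_hash)

    return {"source_hash": source_hash, "image_hash": image_hash,
            "intact": intact, "tampered_ok": tampered_ok}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Record the acquisition hash outside the image (in the chain-of-custody form); verifying an image against a hash stored next to it proves nothing if both were altered together.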
Legal Hold
A formal notification that instructs an organization to preserve all electronic data, documents and records relevant to pending or anticipated litigation.
Electronic Discovery
Identifying, collecting and producing electronically stored information (ESI) during legal proceedings.
Syslog/Rsyslog/Syslog-ng
Variants of the syslog protocol and its daemons; all allow logs from different types of systems to be collected in a central repository.
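What a central syslog repository makes possible, as an added example covering both the syslog card and the "Intelligence Fusion and Threat Data" card above (this is illustrative code, not part of the original flashcards). It parses the two wire formats a collector actually receives (classic BSD and RFC 5424), decodes the `<PRI>` field into facility and severity, and then runs one detection over events from Linux, a firewall and a Windows host that no single system could produce on its own: the same source IP failing logins everywhere. The log lines are constructed; the hostnames and IPs are assumptions.

```python
import re
from collections import defaultdict

# <PRI> = facility * 8 + severity, the same encoding on every syslog dialect
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
            9: "cron", 10: "authpriv", 16: "local0", 17: "local1"}

# Classic BSD format (what most Linux daemons still emit): <PRI>Mmm dd hh:mm:ss host tag[pid]: msg
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<tag>[^:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
# RFC 5424 (what rsyslog/syslog-ng/NXLog forward by default): <PRI>1 ts host app pid msgid sd msg
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|\[.*?\]) (?P<msg>.*)$")


def parse(line):
    """Normalise one line of either format into a common event dict (None if unparseable)."""
    m = RFC5424.match(line) or RFC3164.match(line)
    if not m:
        return None
    d = m.groupdict()
    pri = int(d["pri"])
    return {"host": d["host"], "app": d.get("app") or d.get("tag"),
            "facility": FACILITY.get(pri // 8, f"facility{pri // 8}"),
            "severity": SEVERITY[pri % 8], "msg": d["msg"]}


IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# One pattern per source type; central collection is what lets them be correlated.
FAILED_LOGIN = (
    re.compile(r"Failed password for (?:invalid user )?\S+ from"),  # OpenSSH
    re.compile(r"EventID=4625"),                                    # Windows via NXLog
    re.compile(r"login failed", re.I),                              # generic appliance
)


def failed_logins_by_source(lines):
    """Count authentication failures per attacking IP across every host that reports one."""
    hits = defaultdict(lambda: {"count": 0, "hosts": set()})
    for line in lines:
        ev = parse(line)
        if ev is None or not any(p.search(ev["msg"]) for p in FAILED_LOGIN):
            continue
        ip = IPV4.search(ev["msg"])
        if ip:
            hits[ip.group(1)]["count"] += 1
            hits[ip.group(1)]["hosts"].add(ev["host"])
    return hits


def brute_force_sources(lines, threshold=3):
    """IPs with >= threshold failures, with the sorted set of hosts they touched."""
    return sorted((ip, h["count"], sorted(h["hosts"]))
                  for ip, h in failed_logins_by_source(lines).items()
                  if h["count"] >= threshold)


# Constructed sample of what a collector receives (hostnames and addresses are made up).
SAMPLE_LOG = [
    "<86>Mar  7 10:15:01 web01 sshd[2211]: Failed password for root from 203.0.113.9 port 51022 ssh2",
    "<86>Mar  7 10:15:03 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.9 port 51030 ssh2",
    "<86>Mar  7 10:15:04 db01 sshd[990]: Failed password for root from 203.0.113.9 port 51041 ssh2",
    "<86>Mar  7 10:15:09 web01 sshd[2211]: Accepted publickey for deploy from 198.51.100.4 port 40122 ssh2",
    "<85>1 2024-03-07T10:15:10Z fw01 asa 0 - - login failed for user ops from 203.0.113.9",
    "<13>1 2024-03-07T10:15:12Z WIN-DC01 nxlog 4120 - - EventID=4625 An account failed to log on. Source Network Address: 192.0.2.77",
    "<13>1 2024-03-07T10:15:13Z WIN-DC01 nxlog 4120 - - EventID=4625 An account failed to log on. Source Network Address: 203.0.113.9",
]

if __name__ == "__main__":
    for ip, count, hosts in brute_force_sources(SAMPLE_LOG):
        print(f"{ip}: {count} failed logins across {', '.join(hosts)}")
```

Seen on any one host, two or three failures are noise; only the central view shows 203.0.113.9 working through SSH, the firewall and the domain controller in twelve seconds.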
Journalctl
Linux command-line utility for querying and displaying logs collected by journald (the systemd journal).
NXLog
Multi-platform log collection, parsing and forwarding tool, commonly used to feed logs from many systems into a SIEM.
Rsyslog/Syslog-ng
Run on Linux and Unix.
NXLog
Runs on Linux, Unix and Windows.
NetFlow/sFlow
NetFlow exports flow records (metadata about each conversation); sFlow samples packets and exports truncated packet headers. Neither carries full payloads, which is what keeps them cheap enough to run on every link.
Dashboards
Visually display information from various systems; used in security operations centers (SOCs) for a comprehensive view.
Automated Report
Computer generated report created automatically.
Vulnerability Scan
Generates scan reports automatically.
Packet Capture
Gathers every packet sent to and from a specific network device, payload included, for later analysis.
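The difference between the sFlow card and the packet capture card in working code, as an added example that is not part of the original flashcards. Constructed traffic is written to a pcap file and filtered for everything to or from one host (full capture), then the same frames are sampled 1-in-N and truncated to their first 128 bytes (sFlow style) and a collector scales the samples back up. The addresses and timestamps are assumptions; the IPv4 checksum is left at zero because only the headers are parsed.

```python
import socket
import struct

PCAP_MAGIC, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1


def ipv4_frame(src, dst, proto, payload):
    """Constructed Ethernet/IPv4 frame (IP checksum left zero; enough for header parsing)."""
    eth = b"\x02\x00\x00\x00\x00\x01\x02\x00\x00\x00\x00\x02\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + payload


def endpoints(frame):
    """Source and destination IPv4 address; needs only the first 34 bytes of a frame."""
    src, dst = struct.unpack("!4s4s", frame[26:34])
    return socket.inet_ntoa(src), socket.inet_ntoa(dst)


# --- full packet capture: every byte of every frame, stored in pcap format ---
def write_pcap(frames):
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1709805301 + i, 0, len(f), len(f)) + f)
    return b"".join(out)


def read_pcap(data):
    assert struct.unpack("<I", data[:4])[0] == PCAP_MAGIC
    pos, frames = 24, []
    while pos < len(data):
        _, _, incl_len, _ = struct.unpack("<IIII", data[pos:pos + 16])
        frames.append(data[pos + 16:pos + 16 + incl_len])
        pos += 16 + incl_len
    return frames


def capture_for_host(pcap_bytes, host):
    """The equivalent of `tcpdump -r file host X`: everything to or from one device."""
    return [f for f in read_pcap(pcap_bytes) if host in endpoints(f)]


# --- sFlow-style sampling: 1-in-N frames, truncated to the first header_len bytes ---
def sflow_sample(frames, rate=4, header_len=128):
    """Export every rate-th frame as (truncated header, original length).

    Real sFlow agents choose samples randomly. A fixed stride is used here so the
    result is reproducible; it also shows how a fixed stride aliases with periodic
    traffic (see the per-direction estimates below).
    """
    return [(f[:header_len], len(f)) for i, f in enumerate(frames) if (i + 1) % rate == 0]


def estimate_bytes_by_flow(samples, rate):
    """Collector side: scale each sampled frame's original length by the sampling rate."""
    est = {}
    for header, orig_len in samples:
        flow = endpoints(header)
        est[flow] = est.get(flow, 0) + orig_len * rate
    return est


def actual_bytes_by_flow(frames):
    act = {}
    for f in frames:
        act[endpoints(f)] = act.get(endpoints(f), 0) + len(f)
    return act


def build_traffic():
    """Constructed traffic: a 40-frame TCP exchange alternating direction, plus 8 UDP frames."""
    a, b = "10.0.0.5", "192.0.2.10"
    frames = [ipv4_frame(*((a, b) if i % 2 == 0 else (b, a)), 6, b"A" * 1000) for i in range(40)]
    frames += [ipv4_frame("10.0.0.6", "10.0.0.7", 17, b"B" * 200) for _ in range(8)]
    return frames


if __name__ == "__main__":
    frames = build_traffic()
    pcap = write_pcap(frames)
    print(len(capture_for_host(pcap, "10.0.0.5")), "frames to/from 10.0.0.5 in the full capture")
    samples = sflow_sample(frames)
    print("sFlow exported", sum(len(h) for h, _ in samples), "bytes for", len(samples),
          "samples; the full pcap is", len(pcap), "bytes")
    actual = actual_bytes_by_flow(frames)
    for flow, est in estimate_bytes_by_flow(samples, 4).items():
        print(flow, "estimated", est, "actual", actual[flow])
```

The per-flow totals come out right, but every sampled frame of the TCP exchange happens to travel in the same direction, so the collector attributes all 41,360 bytes to 192.0.2.10 -> 10.0.0.5 and none to the reverse path; that aliasing is why sFlow specifies random rather than counter-based sampling, and why sampled data cannot replace a full capture when the question is what exactly one host sent.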