4 - Automating Incident Response - Coggle Diagram
Security Orchestration, Automation, and Response (SOAR)
    Group of technologies that lets organizations respond to some incidents automatically

Playbooks
    Document or checklist that defines how to verify an incident

Runbook
    Implements the playbook's steps in an automated tool

Threat intelligence
    Gathering data on potential threats

Cyber kill chain framework (phases in order)
    Reconnaissance
        Gather information on the target
    Weaponization
        Identify an exploit that the target is vulnerable to
    Delivery
        Send the weapon to the target, e.g. via phishing attacks
    Exploitation
        Exploit a vulnerability on the target system
    Installation
        Install malware
    Command and Control
        Maintain a C2 server
    Actions on objectives
        Execute the original goals

MITRE ATT&CK
    Knowledge base of identified tactics, techniques and procedures (TTPs)

Threat hunting
    Process of actively searching for cyber threats in a network

Threat feeds
    RSS feeds with the latest attack details (e.g. suspicious domains, known malware hashes, malicious IP addresses)