Under construction

Models of Incident Response

PICERL Model

Preparation

Identification

Containment

Eradication

Recovery

Lessons Learned

A More Dynamic Approach

In the updated SANS SEC504 course, the authors explain that in the modern threat landscape a more dynamic approach is needed since there is no one size fits all approach, as there are numerous sources of detection and the authors emphasize a cyclical approach to scoping the incident as illustrated below.

NIST Model

Offensive Models

MITRE ATT&CK

Cyber Kill Chain

Diamond Model

F3EAD

Enterprise Incident Response

Incident Response

Models of Incident Response

PICERL Model

Preparation

Identification

Containment

Eradication

Recovery

Lessons Learned

A More Dynamic Approach

NIST Model

Offensive Models

MITRE ATT&CK

Cyber Kill Chain

Diamond Model

F3EAD

Enterprise Incident Response

Identification & Criticality

Log Sources

Where to Start?

DNS Event Analysis

Web Proxy Event Analysis

Malware Analysis

Endpoint Intrusion Analysis

Memory Analysis

Models of Incident Response

PICERL Model

Preparation

Identification

Containment

Eradication

Recovery

Lessons Learned

A More Dynamic Approach

NIST Model

Offensive Models

MITRE ATT&CK

Cyber Kill Chain

Diamond Model

F3EAD

Enterprise Incident Response

Identification & Criticality

Log Sources

Where to Start?

DNS Event Analysis

Web Proxy Event Analysis

Malware Analysis

Endpoint Intrusion Analysis

Memory Analysis

Share this:

Like this: