Under construction
Models of Incident Response
PICERL Model
Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned
A More Dynamic Approach
In the updated SANS SEC504 course, the authors argue that the modern threat landscape calls for a more dynamic approach: there is no one-size-fits-all process, because detections arrive from numerous sources, so the authors emphasize a cyclical approach to scoping the incident, as illustrated below.
NIST Model
Offensive Models
MITRE ATT&CK
Cyber Kill Chain
Diamond Model
F3EAD

Enterprise Incident Response
Identification & Criticality
Log Sources
Where to Start?
DNS Event Analysis
Web Proxy Event Analysis
Malware Analysis
Endpoint Intrusion Analysis
Memory Analysis
Investigative Models
OODA
