Incident Response steps for beginners
Cyber Security Operations Center (CSOC) Analysis

Monitor and detect alerts
- Monitoring and detection
- Vulnerability scanning
- Port scanning
- SIEM/EDR (e.g. Security Onion)
- Data queries
- IDS

Triage alerts
- Network analysis (static/dynamic)
- Log analysis

Investigate alerts
- Malware analysis
- Network analysis (static/dynamic)
- Active Directory
- System event log analysis

Recommend solutions
- XDR, with findings mapped to the MITRE ATT&CK framework
- Firewall rule creation
- IPS

Escalate generated alerts
- Auditing
- Copywriting
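The steps above (detect, triage, investigate, recommend, escalate) are easiest to understand run end to end over real-looking data. The following is an added example, not part of the original outline: it parses constructed sshd auth log lines, triages sources by failed-login count, investigates whether a suspect source then logged in successfully, recommends a firewall block rule and the matching MITRE ATT&CK technique IDs, and builds an escalation record. The log lines, IP addresses, the failure threshold of 5 and the iptables rule text are all assumptions made for the example.

```python
"""Added example: an incident response pipeline over constructed sshd auth log lines.

Detect  -> parse raw log lines into events
Triage  -> count failed logins per source, flag sources over a threshold
Investigate -> did a flagged source then log in successfully?
Recommend -> firewall block rules and MITRE ATT&CK technique mapping
Escalate -> one structured record for the next tier
All log lines and addresses below are constructed for the example.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed /var/log/auth.log style lines (syslog format, no year field).
SAMPLE_LOG = """\
Mar  3 10:01:02 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:04 host1 sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 51024 ssh2
Mar  3 10:01:05 host1 sshd[2105]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar  3 10:01:07 host1 sshd[2107]: Failed password for root from 203.0.113.7 port 51028 ssh2
Mar  3 10:01:09 host1 sshd[2109]: Failed password for bob from 203.0.113.7 port 51030 ssh2
Mar  3 10:01:12 host1 sshd[2111]: Accepted password for bob from 203.0.113.7 port 51032 ssh2
Mar  3 10:02:00 host1 sshd[2120]: Failed password for alice from 198.51.100.4 port 40010 ssh2
Mar  3 10:02:05 host1 sshd[2122]: Accepted publickey for alice from 198.51.100.4 port 40012 ssh2
Mar  3 10:03:00 host1 sshd[2130]: Accepted publickey for carol from 192.0.2.10 port 33001 ssh2
"""

ASSUMED_YEAR = 2024  # syslog lines carry no year; assumed here so timestamps can be ordered

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port (?P<port>\d+)"
)

# Real MITRE ATT&CK Enterprise technique IDs relevant to this scenario.
ATTACK_MAP = {
    "brute_force": "T1110 Brute Force",
    "valid_accounts": "T1078 Valid Accounts",
}


def parse_auth_log(text):
    """Detect step: turn sshd lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(f"{ASSUMED_YEAR} {ev['ts']}", "%Y %b %d %H:%M:%S")
        events.append(ev)
    return events


def triage(events, threshold=5):
    """Triage step: sources with at least `threshold` failed logins become suspects."""
    failures = Counter(ev["src"] for ev in events if ev["result"] == "Failed")
    return {src: n for src, n in failures.items() if n >= threshold}


def investigate(events, suspects):
    """Investigate step: a successful login from a suspect source after its first
    failure is treated as a likely account compromise."""
    first_failure = {}
    for ev in events:
        if ev["result"] == "Failed" and ev["src"] in suspects:
            first_failure.setdefault(ev["src"], ev["ts"])
    hits = []
    for ev in events:
        if (ev["result"] == "Accepted" and ev["src"] in suspects
                and ev["ts"] >= first_failure[ev["src"]]):
            hits.append({"src": ev["src"], "user": ev["user"],
                         "host": ev["host"], "ts": ev["ts"].isoformat(" ")})
    return hits


def recommend(suspects, hits):
    """Recommend step: block rules for each suspect (hypothetical iptables text) and the
    ATT&CK techniques to cite in the report."""
    rules = [f"iptables -A INPUT -s {src} -p tcp --dport 22 -j DROP" for src in sorted(suspects)]
    techniques = [ATTACK_MAP["brute_force"]]
    if hits:
        techniques.append(ATTACK_MAP["valid_accounts"])
    return {"firewall_rules": rules, "attack_techniques": techniques}


def escalate(suspects, hits, recommendation):
    """Escalate step: one record for the next tier; severity rises if a login succeeded."""
    return {
        "severity": "high" if hits else "medium",
        "suspects": suspects,
        "compromised_accounts": sorted({h["user"] for h in hits}),
        **recommendation,
    }


def run_pipeline(text, threshold=5):
    """Run all steps over raw log text and return the escalation record."""
    events = parse_auth_log(text)
    suspects = triage(events, threshold)
    hits = investigate(events, suspects)
    return escalate(suspects, hits, recommend(suspects, hits))


if __name__ == "__main__":
    import json
    print(json.dumps(run_pipeline(SAMPLE_LOG), indent=2))
```

On the sample data, 203.0.113.7 crosses the threshold and then succeeds as `bob`, so the record is severity high, cites both T1110 and T1078, and carries one block rule; 198.51.100.4 has a single failure followed by a key-based login and stays below the threshold, which is the kind of benign noise triage is meant to filter out.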