Blue Team Guides

Red Team Guides Red Team Recipe DevSecOps Guides

Introduction
Preparation
Identify Scope
Protect Defend
Detect Visibility
Respond Analysis
Recover Remediate
Tactics Tips And Tricks
Incident Management Checklist
Security Incident-Identification Schema
Hardening
XDR
- Wazuh
Query Language
- KQL
- EQL
Events
- eventvwr
- Sysmon
Threat Intelligence
- Origin
- IOC
CSIRT
- Resources
Digital Forensic
- Resources
SOAR
- Workflow
Virtual Patching
- Modsecurity
Resources
Malware
- Sandbox
Scenario
- General
- Purple Teaming

Powered by GitBook

On this page

Security Incident-Identification Schema

PreviousIncident Management Checklist Nextmain

Last updated 1 year ago

Identifying Security Incidents Related to Advanced Persistent Threats (APTs)

Group Categorization

Group Reviews

Recent Incidents

General Source:

Identifying Threats Using Patterns:

Actor: [Individual or entity responsible for the threat]

Action: [Actions taken or methods used by the threat actor]

Asset: [Targeted resources or information]

Attribute: [Characteristics or properties related to the incident]

Prioritized Defended Asset List (PDAL) List and prioritize assets to defend Source:

Action Framework Structured Threat Information eXpression (STIX) Source:

KILL CHAIN MAPPING Information list for KILL CHAIN MAPPING Source:

Lockheed Martin - Intel Driven Defense

MITRE ATT&CK Groups

FireEye APT Groups

Pauli APT Review

Peerlyst APT Wiki

VERIS Community