Blue Team Guides

Red Team Guides Red Team Recipe DevSecOps Guides

Red Team Guides Red Team Recipe DevSecOps Guides

Introduction
Preparation
Identify Scope
Protect Defend
Detect Visibility
Respond Analysis
Recover Remediate
Tactics Tips And Tricks
Incident Management Checklist
Security Incident-Identification Schema
Hardening
XDR
- Wazuh
Query Language
- KQL
- EQL
Events
- eventvwr
- Sysmon
Threat Intelligence
- Origin
- IOC
CSIRT
- Resources
Digital Forensic
- Resources
SOAR
- Workflow
Virtual Patching
- Modsecurity
Resources
Malware
- Sandbox
Scenario
- General
- Purple Teaming

Powered by GitBook

On this page

Security Incident-Identification Schema

PreviousIncident Management Checklist Nextmain

Last updated 1 year ago

Identifying Security Incidents Related to Advanced Persistent Threats (APTs)

Group Categorization

MITRE ATT&CK Groups
FireEye APT Groups

Group Reviews

Pauli APT Review
Peerlyst APT Wiki

Recent Incidents

Malpedia

General Source: VERIS Community

Identifying Threats Using Patterns:

Actor: [Individual or entity responsible for the threat]

Action: [Actions taken or methods used by the threat actor]

Asset: [Targeted resources or information]

Attribute: [Characteristics or properties related to the incident]

Action Framework Structured Threat Information eXpression (STIX) Source: STIX Project

KILL CHAIN MAPPING Information list for KILL CHAIN MAPPING Source: Lockheed Martin - Intel Driven Defense

Prioritized Defended Asset List (PDAL) List and prioritize assets to defend Source: