Uploaded by Praveen Kumar

alert analysis using NIST framework

ALERT ANALYSIS (USING NIST FRAMEWORK)

Malware Alert

GATHER INFO
Hostname, AV action, file hash
File name, malware category
File details, malware details

ANALYSIS
Branch on the AV action reported in the alert: DELETED or NOT DELETED.

AV action: DELETED
1. Identify the source of the attack
: Check the websites the user has visited
: Check the user's emails
: Check whether the user inserted a USB device
2. Research the malware (family, behaviour, known indicators)
3. Check the file hash across the network to find other hosts holding the same file

CONTAINMENT, ERADICATION & RECOVERY (by source)
Email: Take permission, then delete every message carrying the attachment
Web: Block the URL on the proxy, firewall and EDR, and block the IP address it was served from
USB: Educate the user about malware and issue a warning

AV action: NOT DELETED
1. Raise an incident to manually remove the malware.
2. Check the hash reputation
3. Check the permissions of the user in the AD server
4. Observe the file path to identify the entry point
5. Check whether the AV has up-to-date signatures
Manually remove the malware and re-scan the host
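The two branches of this flow, worked through in code as an added example (not part of the uploaded flowchart): a Python triage helper that takes the GATHER INFO fields, looks the hash up across a constructed host inventory (step 3 of the DELETED branch), reads a constructed reputation feed and AD group list, derives the entry point from the file path, checks the signature age, and emits the containment steps for the matching branch. All sample data, the path heuristics in `entry_point`, the 7-day signature threshold, the privileged-group names and the fixed `TODAY` are assumptions; it also applies the Email/Web/USB containment step to both branches, which the flowchart draws only for the DELETED one.

```python
from datetime import date

# --- Constructed sample inputs (assumptions, not real indicators) ----------
# Shaped after the GATHER INFO fields: hostname, AV action, file hash, file
# name, malware category, file details.
ALERT = {
    "hostname": "WS-0412",
    "user": "jdoe",
    "av_action": "not deleted",                 # "deleted" | "not deleted"
    "file_hash": "1111aaaa" * 8,                # placeholder SHA-256 (constructed)
    "file_name": "invoice_0923.exe",
    "file_path": r"C:\Users\jdoe\Downloads\invoice_0923.exe",
    "malware_category": "trojan",
    "signature_date": "2024-03-01",             # AV signature set on the host
}

# Constructed EDR file-hash inventory: (hostname, sha256, path).
INVENTORY = [
    ("WS-0412", "1111aaaa" * 8, r"C:\Users\jdoe\Downloads\invoice_0923.exe"),
    ("WS-0418", "1111aaaa" * 8, r"C:\Users\asmith\Downloads\invoice_0923.exe"),
    ("SRV-FILE01", "2222bbbb" * 8, r"D:\share\setup.exe"),
]

# Constructed hash-reputation feed: sha256 -> (verdict, number of detecting engines).
REPUTATION = {"1111aaaa" * 8: ("malicious", 41), "2222bbbb" * 8: ("clean", 0)}

# Constructed AD group membership for the "check permissions in AD" step.
AD_GROUPS = {"jdoe": ["Domain Users", "Local Admins"], "asmith": ["Domain Users"]}
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Local Admins"}
MAX_SIGNATURE_AGE_DAYS = 7          # assumption: older signature sets count as stale
TODAY = date(2024, 3, 20)           # fixed "now" so the example is reproducible


def hosts_with_hash(inventory, sha256):
    """'Check the file hash in the network': every host holding the same hash."""
    return sorted({host for host, h, _ in inventory if h == sha256})


def entry_point(file_path):
    """'Observe the file path to know the entry point'. Heuristic mapping (assumed):
    Outlook's attachment cache -> email, Downloads -> web, drive letters D: to F: -> usb."""
    p = file_path.lower().replace("/", "\\")
    if "\\content.outlook\\" in p:
        return "email"
    if "\\downloads\\" in p:
        return "web"
    if p[:3] in ("d:\\", "e:\\", "f:\\"):
        return "usb"
    return "unknown"


def signatures_stale(signature_date, today=TODAY, max_age_days=MAX_SIGNATURE_AGE_DAYS):
    """'Check if AV has up-to-date signatures': True when the set is older than the threshold."""
    return (today - date.fromisoformat(signature_date)).days > max_age_days


def privileged_groups(user, ad_groups):
    """'Check the permission of the user in AD': privileged groups the user belongs to."""
    return sorted(set(ad_groups.get(user, [])) & PRIVILEGED_GROUPS)


def containment_actions(source):
    """Containment / eradication step keyed by the entry point (Email / Web / USB)."""
    by_source = {
        "email": "Take permission, then delete every message carrying the attachment",
        "web": "Block the URL on proxy, firewall and EDR; block the serving IP address",
        "usb": "Educate the user about malware and issue a warning",
    }
    return [by_source.get(source, "Entry point unclear: review browser history, mail logs and USB events")]


def triage(alert, inventory, reputation, ad_groups, today=TODAY):
    """Walk the flowchart: the AV action picks the branch, the other steps fill in the findings."""
    sha = alert["file_hash"]
    source = entry_point(alert["file_path"])
    result = {
        "branch": "deleted" if alert["av_action"].strip().lower() == "deleted" else "not deleted",
        "source": source,
        "affected_hosts": hosts_with_hash(inventory, sha),
        "actions": containment_actions(source),
    }
    if len(result["affected_hosts"]) > 1:
        result["actions"].append("Hash seen on other hosts: scan and contain them too")
    if result["branch"] == "not deleted":
        verdict, engines = reputation.get(sha, ("unknown", 0))
        result["reputation"] = verdict
        result["privileged_groups"] = privileged_groups(alert["user"], ad_groups)
        result["signatures_stale"] = signatures_stale(alert["signature_date"], today)
        steps = ["Raise an incident to manually remove the malware",
                 f"Hash reputation: {verdict} ({engines} engines)"]
        if result["privileged_groups"]:
            steps.append("User is privileged: treat as high severity and review account activity")
        if result["signatures_stale"]:
            steps.append("AV signatures are stale: update them before re-scanning")
        result["actions"] = steps + result["actions"] + ["Manually remove the malware and re-scan the host"]
    return result


if __name__ == "__main__":
    import json
    print(json.dumps(triage(ALERT, INVENTORY, REPUTATION, AD_GROUPS), indent=2))
```

In a real SOC the three constructed tables would be replaced by an EDR hash search, a reputation API and an LDAP/AD query; the branch logic and the ordering of the steps stay the same.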