
Incident handler's journal

Date: 12.10.2023
Entry: #1
Description
Investigate a suspicious file hash
Tool(s) used
In this exercise, I used VirusTotal, a tool for checking files and URLs for
malicious content. It's a handy tool for cybersecurity professionals to quickly
verify if a given indicator, like a file hash, is reported as malicious by the
cybersecurity community.
This event occurred in the Detection and Analysis phase. As a security analyst
in a SOC, I investigated a suspicious file hash flagged by our security systems
to determine if it posed a genuine threat.
The 5 W's
● Who: An unknown malicious actor
● What: An email sent to an employee contained a malicious file attachment with the SHA-256 file hash of 54e6ea47eb04634d3e87fd7787e2136ccfbcc80ade34f246a12cf93bab527f6b
● Where: An employee's computer at a financial services company
● When: At 1:20 p.m., an alert was sent to the organization's SOC after the intrusion detection system detected the file
● Why: An employee was able to download and execute a malicious file attachment via e-mail.
Additional notes
To prevent such incidents in the future, it is advisable to enhance security
awareness training, ensuring that employees exercise caution when interacting
online and clicking on links.
Date: 14.10.2023
Entry: #2
Description
Capturing my first packet
Tool(s) used
In this task, I utilized tcpdump, a command-line network protocol analyzer for
capturing and analyzing network traffic. Much like Wireshark, tcpdump is a
valuable tool in the realm of cybersecurity, enabling security analysts to
capture, filter, and scrutinize network traffic.
The 5 W's
● Who: N/A
● What: N/A
● Where: N/A
● When: N/A
● Why: N/A
Additional notes
As I'm relatively new to working with the command-line interface, capturing
and filtering network traffic posed some challenges. I encountered a few
stumbling points due to incorrect command usage. However, by meticulously
adhering to the provided instructions and retracing some steps, I managed to
overcome these obstacles and successfully capture network traffic.
Date: 15.10.2023
Entry: #3
Description
Analyzing a packet capture file
Tool(s) used
In this task, I employed Wireshark, a graphical user interface-based network
protocol analyzer, to examine a packet capture file. Wireshark's significance in
cybersecurity lies in its capacity to empower security analysts to capture and
scrutinize network traffic, facilitating the detection and investigation of
potential malicious activity.
The 5 W's
● Who: N/A
● What: N/A
● Where: N/A
● When: N/A
● Why: N/A
Additional notes
Being unfamiliar with Wireshark, I approached this task with enthusiasm, eager
to delve into the analysis of a packet capture file. Initially, the interface
appeared quite daunting. However, it became evident why Wireshark is
regarded as a potent tool for comprehending network traffic due to its robust
capabilities.
Date: 17.10.2023
Entry: #4
Description
This incident transpired in two pivotal phases:
1. Detection and Analysis: The scenario illustrates the initial detection of the
ransomware incident within the organization. In the analysis phase, the
organization proactively sought technical assistance by reaching out to
multiple external entities.
2. Containment, Eradication, and Recovery: In this phase, the scenario outlines
the actions taken to contain the incident, including the temporary shutdown of
computer systems. Recognizing the need for collaborative efforts to eradicate
and recover from the incident, the organization reached out to various external
organizations for assistance.
Tool(s) used
None
The 5 W's
● Who: An organized group of unethical hackers
● What: A ransomware security incident
● Where: At a health care company
● When: Tuesday 9:00 a.m.
● Why: The incident happened because unethical hackers were able to access the company's systems using a phishing attack. After gaining access, the attackers launched their ransomware on the company's systems, encrypting critical files. The attackers' motivation appears to be financial because the ransom note they left demanded a large sum of money in exchange for the decryption key.
Additional notes
To prevent a recurrence of such an incident, the healthcare company should
consider implementing robust security measures and protocols.
The company should refrain from paying the ransom to obtain the decryption
key.
Date: Record the date of the journal entry.
Entry: Record the journal entry number.
Description
Provide a brief description about the journal entry.
Tool(s) used
List any cybersecurity tools that were used.
The 5 W's
Capture the 5 W's of an incident.
● Who caused the incident?
● What happened?
● When did the incident occur?
● Where did the incident happen?
● Why did the incident happen?
Additional notes
Include any additional thoughts, questions, or findings.
Need another journal entry template?
If you want to add more journal entries, please copy one of the tables above and paste it into the
template to use for future entries.
Reflections/Notes: Record additional notes.