There has been a great deal of incident response activity over the past 1.5 years, and since the Big Data Security Analytics platform built on ELK was launched, we have begun actively hunting for threats as a service.
Here, point by point, is the experience gained from that work:
1. The incident is not the incident.
Be prepared to challenge the incident itself: you may find that it is much bigger, much smaller, or of a completely different nature than what was originally reported.
2. Build Trust.
Be patient as you work your way through both the people and the technology.
3. Build Timelines.
You will need to build the timeline not only from system logs, but also from interviews with stakeholders, and reconcile the two.
4. Establish communication protocols.
5. Establish information sharing protocols.
6. Ask stupid questions.
It is important to ask questions rather than work from assumptions that send your investigation completely off the trail.
7. Build and tear down hypotheses.
Again, having all stakeholders review your hypotheses and challenge them helps the investigation move along.
8. Build flexibility in your toolkit.
You may like doing log analysis on your high-end laptop using Splunk or ELK.
9. Keep the larger picture in mind.
Individual artifacts only matter in so far as they fit into the overall picture of the incident, so do not lose sight of it.
10. Set client expectations right.
There is always the possibility that your investigation will reach a dead end, and the client should know that from the start.
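Point 3 above is where most of the practical mistakes happen: logs from different systems carry timestamps in different formats and time zones (classic syslog has neither a year nor an offset), and what a stakeholder remembers is in their local wall-clock time. The following Python script is an added example and is not code from the original article; it normalises constructed sample log lines and interview notes to UTC, merges them into one timeline, checks which interview claims are backed by log evidence, and flags silent stretches that may indicate a missing log source. Host names, addresses and the year/time-zone assumptions for the syslog source are all made up for the illustration.

```python
"""Merge mixed-format logs and interview notes into one UTC incident timeline."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass(order=True)
class Event:
    ts: datetime                       # timezone-aware UTC after normalisation
    source: str = field(compare=False)
    detail: str = field(compare=False)
    kind: str = field(compare=False)   # "log" (machine evidence) or "interview" (recollection)


MONTHS = {m: i for i, m in enumerate(
    ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"], start=1)}
SYSLOG_RE = re.compile(r"^(\w{3})\s+(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (\S+) (.*)$")


def parse_syslog(line, year, host_tz):
    """BSD syslog carries no year and no UTC offset; both must be supplied by the analyst."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"not a syslog line: {line!r}")
    mon, day, hh, mm, ss, host, msg = m.groups()
    local = datetime(year, MONTHS[mon], int(day), int(hh), int(mm), int(ss), tzinfo=host_tz)
    return Event(local.astimezone(timezone.utc), host, msg, "log")


def parse_iso_line(line):
    """'<ISO-8601 timestamp with offset> <host> <message>', e.g. a forwarded Windows event."""
    stamp, host, msg = line.split(" ", 2)
    ts = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        raise ValueError(f"naive timestamp, refusing to guess its offset: {stamp}")
    return Event(ts.astimezone(timezone.utc), host, msg, "log")


def parse_elk_doc(doc):
    """Minimal Elasticsearch-style document: '@timestamp' is always UTC in ELK."""
    ts = datetime.fromisoformat(doc["@timestamp"].replace("Z", "+00:00"))
    return Event(ts.astimezone(timezone.utc), doc["host"], doc["message"], "log")


def parse_interview(note):
    """Stakeholder recollection: local wall-clock time plus the offset they were in."""
    tz = timezone(timedelta(hours=note["utc_offset_hours"]))
    local = datetime.strptime(note["when"], "%Y-%m-%d %H:%M").replace(tzinfo=tz)
    return Event(local.astimezone(timezone.utc), note["who"], note["said"], "interview")


def build_timeline(syslog_lines, iso_lines, elk_docs, interviews, *, syslog_year, syslog_tz):
    events = [parse_syslog(l, syslog_year, syslog_tz) for l in syslog_lines]
    events += [parse_iso_line(l) for l in iso_lines]
    events += [parse_elk_doc(d) for d in elk_docs]
    events += [parse_interview(n) for n in interviews]
    return sorted(events)  # Event orders by ts only


def corroborate(timeline, window=timedelta(minutes=30)):
    """Map each interview claim to log events within +/- window; an empty list means 'ask again'."""
    logs = [e for e in timeline if e.kind == "log"]
    return {c.detail: [e for e in logs if abs(e.ts - c.ts) <= window]
            for c in timeline if c.kind == "interview"}


def find_gaps(timeline, max_gap=timedelta(hours=1)):
    """Silent stretches longer than max_gap: nothing happened, or a log source is missing."""
    return [(a, b) for a, b in zip(timeline, timeline[1:]) if b.ts - a.ts > max_gap]


# Constructed sample data (not from a real incident). web01 is assumed to run in UTC+3.
SYSLOG_LINES = [
    "Mar 14 12:12:03 web01 sshd[4121]: Accepted password for deploy from 10.0.0.5 port 51234 ssh2",
    "Mar 14 12:13:40 web01 sudo: deploy : TTY=pts/0 ; COMMAND=/usr/bin/curl http://10.0.0.5/x.sh",
]
ISO_LINES = ["2024-03-14T05:05:12-04:00 dc01 4624 logon user=svc_backup src=10.0.0.5 type=3"]
ELK_DOCS = [{"@timestamp": "2024-03-14T09:40:00Z", "host": "fw01",
             "message": "deny tcp 10.0.0.5 -> 203.0.113.7:443"}]
INTERVIEWS = [
    {"who": "sysadmin", "when": "2024-03-14 12:15", "utc_offset_hours": 3,
     "said": "Noticed an odd sudo prompt on web01 around lunch"},
    {"who": "helpdesk", "when": "2024-03-13 16:00", "utc_offset_hours": 3,
     "said": "A user reported their laptop was slow the day before"},
]


def build_sample_timeline():
    return build_timeline(SYSLOG_LINES, ISO_LINES, ELK_DOCS, INTERVIEWS,
                          syslog_year=2024, syslog_tz=timezone(timedelta(hours=3)))


if __name__ == "__main__":
    tl = build_sample_timeline()
    for e in tl:
        print(e.ts.isoformat(), e.kind, e.source, e.detail)
    for claim, hits in corroborate(tl).items():
        print(f"{'OK ' if hits else 'UNCONFIRMED'} {claim!r}: {len(hits)} log event(s) nearby")
    for a, b in find_gaps(tl):
        print(f"gap: {a.ts.isoformat()} -> {b.ts.isoformat()}")
```

Two design choices matter here: a naive timestamp is rejected rather than silently assumed to be UTC, and interview events are kept in the same sorted timeline as log events but tagged separately, so the timeline can be presented to stakeholders as one story while every human recollection is still marked as unconfirmed until a log entry backs it up.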
First of all, the organization should focus on implementing formal incident management processes, accepting that incidents are inevitable, conducting cyber-security training for both security and IT staff, and building an incident response team.