IR Data Sources, Dashboards, Reports
In the context of an incident response case or digital forensics investigation, a data source is something that can be subjected to analysis to discover indicators.
- System memory and media device file system data and metadata.
- Log files generated by network appliances (switches, routers, and firewalls/UTMs).
- Network traffic captured by sensors and/or any alertable or loggable conditions raised by intrusion detection systems.
- Log files and alerts generated by network-based vulnerability scanners.
- Log files generated by the OS components of client and server host computers.
- Log files generated by applications and services running on hosts.
- Log files and alerts generated by endpoint security software installed on hosts. This can include host-based intrusion detection, vulnerability scanning, antivirus, and firewall security software.
- Incident response dashboards.
- Automated SIEM reports.