RA1005: Set Up Relevant Data Collection
Summary
ID | RA1005 |
---|---|
Brief Description | Data collection is usually managed by the Log Management/Security Monitoring/Threat Detection teams. You need to provide them with a list of the data that is critically important for the IR process. Most of the time, data such as DNS and DHCP logs is not collected, as its value for detection is relatively low. You can refer to the existing Response Actions (Preparation stage) to develop the list. |
Author | your name/nickname/twitter |
Creation Date | YYYY/MM/DD |
References | |
Response Stage | Preparation |
Description
Description of the extended_description for the Response Action in markdown format. Here newlines will be saved.