RP1002: Identify affected systems and users
Summary
| ID | RP1002 |
|---|---|
| Brief Description | Identify the system(s) and the user(s) that have been affected |
| Author | @ermack_community |
| Creation Date | 2019/01/31 |
| Modification Date | 2019/01/31 |
| Tags |
|
Workflow
- TODO: create workflow
Playbook Actions
Identification
List Victims Of Security Alert
Put Compromised Accounts On Monitoring
Identify impacted services
List Hosts Communicated With Internal Domain
List Hosts Communicated With Internal Ip
List Hosts Communicated With Internal Url
List Hosts Communicated With External Domain
List Hosts Communicated With External Ip
List Hosts Communicated With External Url
Analyse Domain Name
Analyse Ip
Analyse Uri