| RS0001 |
Preparation |
Get prepared for a security incident. |
| RS0004 |
Eradication |
Remove a threat from an environment. |
| RS0006 |
Lessons Learned |
Discover how to improve the Incident Response process and implement the improvements. |
| RS0002 |
Identification |
Gather information about a threat that has triggered a security incident, its TTPs, and affected assets. |
| RS0003 |
Containment |
Prevent a threat from achieving its objectives and/or spreading around an environment. |
| RS0005 |
Recovery |
Recover from the incident and return all the assets back to normal operation. |