Security Blue - Incident Respons

This class was created by Brainscape user ola sijuwola. Visit their profile to learn more about the creator.

Decks in this class (47)

Incident Response Introduction
Incident response introduction,
What is incident response,
Why is ir needed
3  cards
Security Events vs Security Incidents
Events vs incidents,
Security events,
Security incidents
4  cards
Incident Response Lifecycle
Ir lifecycle,
Preparation,
Detection and analysis
5  cards
CSIRT and CERT Explained
Csirt and cert explained,
Why are they important,
Public vs private
4  cards
Further Reading Material, Incident Response
Additional reading
1  cards
Section Introduction, Preparation
Preparation,
Preparation incident response plan,
Preparation
9  cards
Preparation: Incident Response Teams
Ir teams,
Why do we need them,
Incident response team members
3  cards
Preparation: Asset inventory and Risk Assessments
Inventory and risk assessment,
Asset inventory,
Risk assessments
3  cards
Prevention: DMZ
Dmz,
What is a dmz,
Dmz systems
5  cards
Prevention: Host Defenses
Host defenses,
Host intrusion detection and prev...,
Anti virus software
7  cards
Prevention: Network Defenses
Network defenses,
Network intrusion detection,
Network intrusion prevention
7  cards
Activity) Setting up a Firewall
Setting up a firewall,
32  cards
Prevention: Email Defenses
Email defenses,
Spf dkim dmarc,
Marking external emails
7  cards
Prevention: Physical Defenses
Prevention physical defenses,
Deterrents,
Access controls
5  cards
Prevention: Human Defenses
Human defenses,
Security awareness training,
Security policies
6  cards
Section Introduction, Detection & Analysis
Section introduction detection an...,
Common events incidents,
R2l port scanning
6  cards
Using Baselines & Behaviour Profiles
Baselines behaviour profiles,
Anomaly based detection,
Enhanced detection
3  cards
Introduction to Wireshark (GUI)
Introduction to wireshark,
Wireshark gui,
5  cards
Introduction to Wireshark (Analysis)
Introduction to wireshark,
Applying display filters,
Following streams custom columns
7  cards
Lab) Network Traffic Analysis Investigations Solution
Q1,
Q2,
Q3
19  cards
YARA Rules For Detection
Yara for detection,
Installing yara on linux,
9  cards
Activity) Threat Hunting With YARA
Yara for detection,
Challenge scenario
2  cards
CMD and PowerShell For Incident Response
Cmd and powershell,
Command line,
Wmic process get description exec...
14  cards
Lab) CMD and PowerShell Solution
Q1,
Q2,
Q3
9  cards
DeepBlueCLI For Event Log Analysis
Deepbluecli,
Using deepbluecli,
6  cards
Section Introduction, Containment, Eradication, & Recovery
Introduction,
Learning objectives,
Incident containment
8  cards
Taking Forensic Images
Taking forensic images,
Ftk imager and kape,
Virtual desktops
3  cards
Identifying and Removing Malicious Artifacts
Removing malicious artifacts,
What are malicious artifacts,
Identifying artifacts
5  cards
Identifying Root Cause and Recovery
Root cause and recovery,
Identifying the root cause,
Incident recovery
3  cards
Section Introduction, Lessons Learned & Reporting
Introduction,
Learning objectives,
What went well
6  cards
Incident Response Metrics
Incident response metrics,
Impact metrics,
Time based metrics
4  cards
Reporting Format
Reporting format,
Executive summary,
Incident timeline
6  cards
Reporting Considerations
Reporting considerations,
Report audience,
Incident investigation
4  cards
Section Introduction, ATT&CK
Mitre att ck
1  cards
Initial Access
Initial access,
Phishing,
Phishing 2
7  cards
Execution
Execution,
Windows management instrumentation,
Windows management instrumentation 2
5  cards
Persistence
Persistence,
Boot or logon autostart execution,
External remote services
4  cards
Privilege Escalation
Privilege escalation,
Valid accounts,
Privilege escalation exploits
4  cards
Defense Evasion
Defense evasion,
Impair defenses,
Impair defenses 2
5  cards
Credential Access
Credential access,
Os credential dumping,
Os credential dumping 2
5  cards
Discovery
Discovery,
Account discovery,
Account discovery 2
3  cards
Lateral Movement
Lateral movement,
Internal spearphishing,
Internal spearphishing 2
3  cards
Collection
Collection,
Email collection,
Email collection 2
9  cards
Command and Control
Command and control,
Application layer protocol,
Application layer protocol 2
5  cards
Exfiltration
Exfiltration,
Exfil over c2 channel,
Scheduled transfer
3  cards
Impact
Impact,
Account access removal,
Account access removal 2
7  cards
Activity) ATT&CK Navigator
Att ck navigator,
For threat hunting,
For adversary emulation
11  cards

More about
Security Blue - Incident Respons

  • Class purpose General learning

Learn faster with Brainscape on your web, iPhone, or Android device. Study ola sijuwola's Security Blue - Incident Respons flashcards now!

How studying works.

Brainscape's adaptive web mobile flashcards system will drill you on your weaknesses, using a pattern guaranteed to help you learn more in less time.

Add your own flashcards.

Either request "Edit" access from the author, or make a copy of the class to edit as your own. And you can always create a totally new class of your own too!

What's Brainscape anyway?

Brainscape is a digital flashcards platform where you can find, create, share, and study any subject on the planet.

We use an adaptive study algorithm that is proven to help you learn faster and remember longer....

Looking for something else?

Security+ Practice exams
  • 38 decks
  • 2776 flashcards
  • 169 learners
Decks: Professor Messer Practice Questions, Comptia Practice Questions, Comptia Review Questions, And more!
Security +
  • 26 decks
  • 1501 flashcards
  • 227 learners
Decks: Deck A, Deck B, Deck C, And more!
Make Flashcards