5. What is the general process for incident response?
- Collect information: host details, samples, customer information via security devices.
- Determine incident type: security event? Crypto‑mining, DoS, etc.
- In‑depth analysis: logs, processes, startup items.
- Clean‑up and disposal: terminate anomalous processes, delete files, patch.
- Produce a report: document the entire event comprehensively.