Skip to main content

5. What is the general process for incident response?

  1. Collect information: host details, samples, customer information via security devices.
  2. Determine incident type: security event? Crypto‑mining, DoS, etc.
  3. In‑depth analysis: logs, processes, startup items.
  4. Clean‑up and disposal: terminate anomalous processes, delete files, patch.
  5. Produce a report: document the entire event comprehensively.