Incident Response

After this skill you can…

• Build an incident response playbook
• Analyse logs in Splunk or Elastic SIEM
• Perform memory and disk forensics on a compromised system

Prerequisites

Watch (10 videos)

SANS DFIR NetWars

SANS Institute · beginner hands-on

→ Respond to incidents with forensic analysis→ Stop data breaches with DFIR skills

Threat Hunting in 3 Easy Steps!

The Cyber Mentor · beginner hands-on

→ Respond to security incidents→ Contain and eradicate threats→ Recover from incidents

Mostly Stupid Hacks

John Hammond · intermediate hands-on

→ Respond to ransomware attacks→ Implement basic security controls

This Company Got Hacked... but HOW?

John Hammond · advanced hands-on

→ Analyze logs to identify security breaches→ Respond to hacking incidents effectively

How Baselining Helps Incident Response

The Cyber Mentor · beginner hands-on

→ Conduct incident response→ Analyze network activity→ Identify malicious behavior

Crisis Management in Healthcare | Steve Armstrong-Godwin

SANS Institute · intermediate hands-on

→ Respond to ransomware attacks→ Manage cyber crises

Supply Chain Compromises Pt. 2 | The Incident Commander Series Ep. 4

SANS Institute · beginner hands-on

→ Respond to supply chain compromises→ Manage incident response

You came with *that* plan? You're braver than I thought!

SANS Institute · advanced hands-on

→ Develop effective incident response plans→ Conduct tabletop exercises→ Improve inter-team relations

Strategy 5: Prioritize Incident Response

SANS Institute · intermediate hands-on

→ Prepare for incident response→ Execute incident response plans→ Improve incident response capability

Analysis 101 for the Incident Responder

SANS Institute · intermediate hands-on

→ Conduct network forensics→ Analyze logs→ Perform endpoint forensics

Read (10 articles)