Hi all,
I have seen an interesting discussion about RP usage.
I would like to talk about your and my use cases for response playbooks. In my ATC installation, RPs are mainly used as "Triage" instructions. So the biggest part of my RP is focused on the identification of a threat, the search for additional information and adding more context in case. After that, escalation to the 2nd line of SOC. In some simple cases, of course, there are other actions for containment.
Maybe we do need to separate "Triage phase" from others?
What are your use cases of RP?