
RP and RA use cases and best practices #187

Open
@dsvetlov

Hi all,

I have seen an interesting discussion about RP usage.

I would like to talk about your and my use cases for response playbooks. In my ATC installation, RPs are mainly used as "Triage" instructions. So the biggest part of my RP is focused on the identification of a threat, searching for additional information and adding more context in the case. After that, escalation to the 2nd line of SOC. In some simple cases, of course, there are other actions for containment.

Maybe we do need to separate "Triage phase" from others?
What are your use cases of RP?
