Cyber Security Playbooks

Note imported from Inbox during bulk consolidation.

Summary

Comprehensive reference to the Western Australia Cyber Security Unit (DGOV) SOC playbooks. Covers the full spectrum of security operations: triage and investigation, incident response (18 IRM-2022 scenarios), vulnerability response, threat hunting, and digital forensics. Aligned with CISA Cybersecurity Incident and Vulnerability Response Playbooks and MITRE 11 Strategies.

Main Content

Core Resources

  • Baselines
  • Guidelines
  • Training

1. Triage & Investigation

2. Incident Response (IRM-2022)

Based on CERT Societe Generale IRM-2022 (Incident Response Methodologies 2022), covering 18 common scenarios:

3. Vulnerability Response

Under review; references the Patch Operating Systems and Patch Applications guidelines

4. Threat Hunting

Under review; Jupyter Notebooks are effective for querying datalake repositories; see KQLmagic for Azure Data Explorer

5. Digital Forensics

Under review; see Collecting Evidence and Dissect for modern forensics tooling

Key Points

  • Aligned with CISA Cybersecurity Incident and Vulnerability Response Playbooks (508C)
  • Aligned with MITRE 11 Strategies of a World-Class Cybersecurity Operations Center
  • IRM-2022 covers 18 specific incident types with dedicated response methodologies
  • Sections 1, 3, 4, 5 are under review with interim tool recommendations
  • Free and publicly available resource suitable for SOC operationalization

Practical Application

  • Use IRM-2022 as the basis for incident response procedures when no internal playbook exists
  • Adopt the baselines for data sources, security operations and vulnerability management
  • Use the TTP detection guidelines for threat hunting program development
  • Training materials are suitable for SOC analyst onboarding

References