5 Incident Response

This section focuses on Incident Response (IR): the process and techniques used when a security incident occurs to identify the attack, contain it, and eliminate its impact.

The aim of this section is to understand the incident response workflow, from finding indicators of compromise through to system recovery.

We will learn:

  • The fundamentals and phases of the Incident Response Lifecycle (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned)

  • Analysis of security events on Windows and Linux

  • Detecting suspicious PowerShell activity, malicious scripts, and cron jobs

  • How to collect and analyse evidence to build a complete picture of the attack

The overall goal is to build the skills to handle security emergencies using a systematic approach grounded in evidence and analysis.
