InfoSec Playbook
Course DPI911 - Incidence Response.
Submitted By: Thomas Reid Zuk
Submitted on: April 20th, 2017
Instructor: Mike Martin
| Unique ID | Event Source | Abbreviation |
|---|---|---|
| 100000-199999 | DHCP Server | DHCP |
| 200000-299999 | Active Directory | AD |
| 300000-399999 | General Network Attacks | NET |
| 400000-499999 | File Servers | FTP |
| 500000-599999 | DNS Servers | DNS |
| 600000-699999 | VOIP Serer | VOIP |
| 800000-899999 | Web Server | WEB |
Categories
- Suspect: Indication of potentially malicious activity, requires investigation to determine is malicious or not.
- Policy: Violation of security policy that requires investigation.
- Malware: Indicators of malicious files and activity
Report names are in the format:
{UNIQUE_ID}-{HF,INV}-{ShortName}-{REPORT_CATEGORY}