Which Security Events Do I Really Need to Worry About?
Which security events develop into the type of information security incident that requires my attention now? And… what do I do about it? To help categorize each incident type, align each one against the cyber kill chain to determine appropriate priority and incident response strategy. You can use this table as a start.
A Note About Port Scanning:
Even if you’re sure that an attacker is getting no useful information back from their scanning, if they seem to be doing a detailed and comprehensive scan of your external systems, it is reasonable to interpret this as intent to follow up th