How Well Do You Know Incident Response and Threat Hunting?


Study Notes

  • Automation is recommended for resolving known incident types in near real time.
  • Triage analysts focus on rapid remediation of high-volume, well-known incident types.
  • A quality standard of 90% true positives is recommended for alert feeds, to avoid flooding analysts with false alarms.
  • Most high-quality alerts come from XDR alerts, user-reported issues, classic log-query-based alerts, and other sources.
  • Integrating XDR tools into Microsoft 365 Defender improves time to remediation.
  • The triage team keeps its focus narrow, on a few technical areas and/or scenarios such as email and endpoint AV alerts.
  • The Tier 2 team provides deeper investigation into a lower volume of more complex attacks.
  • The Hunt and Incident Management (Tier 3) team focuses on identifying attackers that may have slipped past reactive detections.
  • The incident lifecycle involves the Triage, Investigation, and Hunt teams.
  • The Hunt team reviews closed incidents, scanning for commonalities or anomalies worth digging into.


Description

Are you familiar with incident response and threat hunting? Test your knowledge with this quiz! From automation to tool integration, this quiz covers key concepts in incident response and highlights the roles of different teams in the incident lifecycle. Sharpen your skills and learn about best practices for resolving incidents in near real-time. Keywords: incident response, threat hunting, automation, tool integration, incident lifecycle, triage, investigation, hunt teams.
