Upload files to "Modules/Knowledge/SANS"
This commit is contained in:
59
Modules/Knowledge/SANS/DFIR.py
Normal file
59
Modules/Knowledge/SANS/DFIR.py
Normal file
@ -0,0 +1,59 @@
|
||||
def get_dfir_content():
|
||||
return [
|
||||
{
|
||||
"title": "PICERL Framework",
|
||||
"content": """
|
||||
- Phases: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned.
|
||||
- Example: Containment using decoys or monitoring tools.
|
||||
""",
|
||||
"resources": [
|
||||
"https://www.sans.org/",
|
||||
"https://www.cisa.gov/"
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Containment Challenges",
|
||||
"content": """
|
||||
- Rapid containment avoids losing critical intelligence.
|
||||
- No containment leads to prolonged adversary presence (whack-a-mole).
|
||||
""",
|
||||
"resources": [
|
||||
"https://www.ncsc.gov.uk/",
|
||||
"https://attack.mitre.org/"
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Hunt vs. Reactive Teams",
|
||||
"content": """
|
||||
- Reactive (Incident Response): Firefighting approach, putting out fires.
|
||||
- Hunt Teams: Proactive, leveraging threat intelligence to predict and disrupt.
|
||||
""",
|
||||
"resources": [
|
||||
"https://www.fireeye.com/",
|
||||
"https://www.mandiant.com/"
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Detection Engineering",
|
||||
"content": """
|
||||
- Focus on enabling actionable and collaborative processes.
|
||||
- Outsource or automate repetitive tasks while maintaining oversight of critical alerts.
|
||||
""",
|
||||
"resources": [
|
||||
"https://redcanary.com/",
|
||||
"https://www.crowdstrike.com/"
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Advanced Forensic Tools",
|
||||
"content": """
|
||||
- Volatility: Memory analysis.
|
||||
- Splunk and Loggly: Advanced log analysis and monitoring.
|
||||
- MFT Analysis: Tools like MFTECmd for NTFS evidence.
|
||||
""",
|
||||
"resources": [
|
||||
"https://volatilityfoundation.org/",
|
||||
"https://www.splunk.com/"
|
||||
]
|
||||
}
|
||||
]
|
||||
Reference in New Issue
Block a user