What are some examples of Incident Response automation?

You set up security monitoring – either a full commercial SIEM/SOC or something home-cooked (e.g., rsyslog -> OSSIM / MozDef / Splunk / …).
You also set up some rules so that some event triage is done – and you only get alerts for potential Incidents.

I’d like to know what automation is being done beyond this point. Not just more alerting / sending emails or reports – but something that attempts to resolve the incident itself.

Some use cases and some examples of automation solutions (whether standard or DIY) would be helpful.

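One shape the "beyond alerting" step can take is a small playbook that consumes already-triaged alerts and decides on a containment action, with a guardrail so automation cannot block the wrong thing. The block below is an added illustration written for this page, not code from the question or from any of the SIEM products it names; the alert records are constructed, the `PROTECTED_NETS`, `BLOCK_THRESHOLD` and `BLOCK_TTL_MIN` policy values are assumptions, and `edr-ctl` and `collect-artifact` are hypothetical stand-ins for whatever EDR and forensic tooling is in use. Only the `iptables` invocation is a real command.

```python
"""Minimal auto-containment playbook for triaged SIEM alerts (illustrative)."""
import ipaddress
import shlex
import subprocess

# Constructed sample alerts in the shape a triage rule might emit. Not real data.
SAMPLE_ALERTS = [
    {"rule": "ssh_bruteforce", "src_ip": "203.0.113.45", "host": "web01", "failures": 120},
    {"rule": "ssh_bruteforce", "src_ip": "10.0.0.7", "host": "web01", "failures": 300},
    {"rule": "ssh_bruteforce", "src_ip": "198.51.100.9", "host": "web01", "failures": 12},
    {"rule": "malware_detected", "src_ip": None, "host": "wks-042", "path": "/tmp/x.elf"},
    {"rule": "port_scan", "src_ip": "198.51.100.23", "host": "fw01", "failures": 0},
]

# Hypothetical policy knobs. Protected ranges are never auto-blocked so a spoofed
# or compromised internal source cannot turn the playbook into a self-inflicted DoS.
PROTECTED_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
BLOCK_THRESHOLD = 100   # failures in one alert window before blocking automatically
BLOCK_TTL_MIN = 60      # auto-blocks are temporary; an analyst extends them if warranted


def is_protected(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PROTECTED_NETS)


def plan_response(alert):
    """Map one triaged alert to a list of actions. Anything unrecognised or risky
    becomes a ticket for a human instead of an automatic change."""
    rule = alert["rule"]
    if rule == "ssh_bruteforce":
        ip = alert["src_ip"]
        if is_protected(ip):
            return [{"type": "ticket", "severity": "high",
                     "note": f"brute force from protected address {ip}; manual review"}]
        if alert["failures"] >= BLOCK_THRESHOLD:
            return [{"type": "block_ip", "ip": ip, "ttl_min": BLOCK_TTL_MIN},
                    {"type": "ticket", "severity": "medium", "note": f"auto-blocked {ip}"}]
        return [{"type": "ticket", "severity": "low", "note": f"low-volume brute force from {ip}"}]
    if rule == "malware_detected":
        return [{"type": "isolate_host", "host": alert["host"]},
                {"type": "collect", "host": alert["host"], "path": alert["path"]},
                {"type": "ticket", "severity": "high", "note": f"{alert['host']} isolated"}]
    return [{"type": "ticket", "severity": "low", "note": f"unhandled rule {rule}"}]


def render_commands(actions):
    """Turn actions into the shell commands a responder box would run.
    'edr-ctl' and 'collect-artifact' are hypothetical tool names. Tickets produce
    no command; they are raised by whatever ticketing integration exists."""
    cmds = []
    for a in actions:
        if a["type"] == "block_ip":
            # The comment carries the TTL so a periodic job can expire the rule.
            cmds.append(f"iptables -I INPUT -s {a['ip']} -m comment --comment autoblock-ttl{a['ttl_min']}m -j DROP")
        elif a["type"] == "isolate_host":
            cmds.append(f"edr-ctl isolate {shlex.quote(a['host'])}")
        elif a["type"] == "collect":
            cmds.append(f"collect-artifact {shlex.quote(a['host'])} {shlex.quote(a['path'])}")
    return cmds


def run_playbook(alerts, dry_run=True):
    """Plan and (optionally) execute. Returns the plan per alert so the decision
    can be logged and audited whether or not anything was actually executed."""
    results = []
    for alert in alerts:
        actions = plan_response(alert)
        cmds = render_commands(actions)
        if not dry_run:
            for c in cmds:
                subprocess.run(shlex.split(c), check=False)
        results.append({"alert": alert, "actions": actions, "commands": cmds})
    return results


if __name__ == "__main__":
    for r in run_playbook(SAMPLE_ALERTS):
        print(r["alert"]["rule"], r["alert"].get("src_ip"), "->", r["commands"] or "[ticket only]")
```

The design point is the split between `plan_response` and `run_playbook`: the planner is pure and testable, every outcome is recorded even in dry-run mode, and the only irreversible actions (a firewall rule, an EDR isolation) are bounded by a TTL and an allow-list. That is what keeps a false positive from an upstream rule from becoming an outage.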