Incident response guide
V1D1AN edited this page Oct 29, 2021
With S1EM, you have tools like TheHive and Cortex for incident response.
When your alert arrives in TheHive:
You can click on Preview import to see the alert:
Click on Import.
Your case is created; click on Observables:
Select all observables (1), click on Selected observables (2), then click on Run analyzers (3):
Select the analyzers you want and click on Run selected analyzers:
TheHive sends the observables to Cortex for analysis:
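The same three steps (promote the alert to a case, collect its observables, submit each one to Cortex) can be scripted instead of clicked through. The block below is an added example written for this page, not code from S1EM, TheHive or Cortex. It assumes TheHive's legacy `/api` routes (`/api/alert/{id}/createCase`, `/api/case/artifact/_search`, `/api/connector/cortex/job`) and a bearer API key; the Cortex instance name, analyzer IDs, observable values and the `FakeTransport` stand-in server are constructed so the script runs offline. Check the routes against the TheHive version shipped with your S1EM before pointing it at a real instance.

```python
import json
import urllib.request
from typing import Any, Callable, Dict, List, Optional

# A transport is anything that performs one HTTP call and returns parsed JSON.
Transport = Callable[[str, str, Optional[Dict[str, Any]], Dict[str, str]], Any]


def urllib_transport(method: str, url: str, body: Optional[Dict[str, Any]],
                     headers: Dict[str, str]) -> Any:
    """Real HTTP transport using only the standard library."""
    data = json.dumps(body).encode("utf-8") if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


class TheHiveClient:
    """Minimal client for the three steps the guide performs by hand.

    Assumption: endpoint paths and payloads follow TheHive's legacy /api routes;
    verify them against the TheHive version in your S1EM deployment."""

    def __init__(self, base_url: str, api_key: str, transport: Transport = urllib_transport):
        self.base = base_url.rstrip("/")
        self.headers = {"Authorization": f"Bearer {api_key}",
                        "Content-Type": "application/json"}
        self.transport = transport

    def _call(self, method: str, path: str, body: Optional[Dict[str, Any]] = None) -> Any:
        return self.transport(method, self.base + path, body, self.headers)

    def promote_alert_to_case(self, alert_id: str) -> Dict[str, Any]:
        # Step "Click on Import": turn the alert into a case.
        return self._call("POST", f"/api/alert/{alert_id}/createCase")

    def list_observables(self, case_id: str) -> List[Dict[str, Any]]:
        # Step "Select all observables": fetch every artifact attached to the case.
        query = {"query": {"_parent": {"_type": "case", "_query": {"_id": case_id}}}}
        return self._call("POST", "/api/case/artifact/_search?range=all", query)

    def run_analyzer(self, cortex_id: str, artifact_id: str, analyzer_id: str) -> Dict[str, Any]:
        # Step "Run analyzers": ask TheHive to submit one observable to one Cortex analyzer.
        return self._call("POST", "/api/connector/cortex/job",
                          {"cortexId": cortex_id, "artifactId": artifact_id,
                           "analyzerId": analyzer_id})

    def run_analyzers_on_case(self, case_id: str, cortex_id: str,
                              analyzer_ids: List[str]) -> List[Dict[str, Any]]:
        """Submit every observable of the case to every requested analyzer."""
        jobs = []
        for obs in self.list_observables(case_id):
            for analyzer_id in analyzer_ids:
                jobs.append(self.run_analyzer(cortex_id, obs["id"], analyzer_id))
        return jobs


class FakeTransport:
    """Constructed offline stand-in for TheHive: records every call and answers
    with canned responses so the workflow can be exercised without a server."""

    def __init__(self) -> None:
        self.calls: List[tuple] = []

    def __call__(self, method, url, body, headers):
        self.calls.append((method, url, body))
        if url.endswith("/createCase"):
            return {"id": "case-1", "caseId": 42}
        if "/api/case/artifact/_search" in url:
            # Two constructed observables, as a real case might carry.
            return [{"id": "obs-ip", "dataType": "ip", "data": "198.51.100.7"},
                    {"id": "obs-hash", "dataType": "hash",
                     "data": "d41d8cd98f00b204e9800998ecf8427e"}]
        if url.endswith("/api/connector/cortex/job"):
            return {"id": f"job-{len(self.calls)}", "status": "Waiting",
                    "analyzerId": body["analyzerId"], "artifactId": body["artifactId"]}
        raise ValueError(f"unexpected call: {method} {url}")


def demo(transport=None):
    """Run the whole workflow against the fake server; returns (case, jobs, transport)."""
    transport = transport or FakeTransport()
    # Base URL, API key, Cortex name and analyzer IDs are placeholders for illustration.
    hive = TheHiveClient("https://thehive.example.invalid", "PLACEHOLDER_API_KEY", transport)
    case = hive.promote_alert_to_case("alert-1")
    jobs = hive.run_analyzers_on_case(case["id"], "local-cortex",
                                      ["AbuseIPDB_1_0", "VirusTotal_GetReport_3_0"])
    return case, jobs, transport


if __name__ == "__main__":
    case, jobs, t = demo()
    print(f"case {case['caseId']}: {len(jobs)} analyzer jobs submitted")
```

To use it for real, drop the `FakeTransport` argument so `urllib_transport` is used, and pass your TheHive URL and an API key of a user with the Cortex connector permission; the returned job objects can be polled on the case's observables once Cortex reports back.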
CyberChef is an HTML page with several tools that help the analyst, such as conversion tools: