- Provide a short introduction paragraph that includes the background that started your investigation and present a high level version of events that executive stakeholders can understand.
- Provide your analysis of the incident following your investigation
- Map incident observables to their respective Cyber Kill Chain stages and corresponding MITRE ATT&CK TTPs
| Kill Chain Stage | Observable(s) | ATT&CK TTP(s) |
|---|---|---|
- Provide your analysis on the adversary behind your incident and other connected campaigns you managed to find
  - Are they a known or unknown adversary?
  - How confident are you that it is that adversary?
  - What are the main pieces of evidence that led you to this conclusion?
  - Are there any other potential adversaries that could also be responsible?
  - If you have enough information, create a Diamond Model of Intrusion Analysis to help visualise your findings.
- Required Actions
- Recommendations