
Orion Incident Response Live CD

take some time to get used to it. As shown in the diagram, new information about a potential incident is entered first as an Incident Report. Once the report has been verified, an Incident is created. An Incident can then lead to one or more Investigations as well as Blocks. A Block is an activity that attempts to stop or slow the attacker's activity; Blocks are essentially containment steps. Investigations may be analysis work, interviews, forensic acquisitions, or any other activity that leads to the understanding and resolution of the incident. The relationship between these entities is depicted in Figure 8: RTIR Workflow.

Figure 8: RTIR Workflow
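The ordering the workflow above imposes (a report must be verified before it becomes an Incident; Investigations and Blocks must hang off an existing Incident) can be captured as a small ticket model. This is an added illustration written for this page, not RTIR's own code or REST API; the ticket kinds, statuses and the `Workflow` class are constructed here.

```python
"""Constructed model of the RTIR workflow: Report -> Incident -> Investigations/Blocks."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Ticket:
    ticket_id: int
    kind: str              # "report", "incident", "investigation" or "block"
    parent: Optional[int]  # report: None; incident: report id; others: incident id
    summary: str
    status: str = "open"   # "open", "verified" (reports only) or "closed"


class Workflow:
    """Holds the tickets and enforces the hand-offs between the RTIR queues."""

    def __init__(self) -> None:
        self.tickets: Dict[int, Ticket] = {}
        self._next_id = 1

    def _add(self, kind: str, parent: Optional[int], summary: str) -> Ticket:
        ticket = Ticket(self._next_id, kind, parent, summary)
        self.tickets[ticket.ticket_id] = ticket
        self._next_id += 1
        return ticket

    def _require(self, ticket_id: int, kind: str) -> Ticket:
        ticket = self.tickets.get(ticket_id)
        if ticket is None or ticket.kind != kind:
            raise ValueError(f"no {kind} with id {ticket_id}")
        return ticket

    def file_report(self, summary: str) -> Ticket:
        # New information about a potential incident always enters as a report.
        return self._add("report", None, summary)

    def verify_report(self, report_id: int) -> None:
        self._require(report_id, "report").status = "verified"

    def open_incident(self, report_id: int, summary: str) -> Ticket:
        # An Incident may only be created from a report that has been verified.
        if self._require(report_id, "report").status != "verified":
            raise ValueError(f"report {report_id} has not been verified")
        return self._add("incident", report_id, summary)

    def open_investigation(self, incident_id: int, summary: str) -> Ticket:
        self._require(incident_id, "incident")   # analysis, interviews, acquisitions
        return self._add("investigation", incident_id, summary)

    def open_block(self, incident_id: int, summary: str) -> Ticket:
        self._require(incident_id, "incident")   # containment step
        return self._add("block", incident_id, summary)

    def children(self, incident_id: int, kind: str) -> List[Ticket]:
        return [t for t in self.tickets.values()
                if t.parent == incident_id and t.kind == kind]
```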

6.3.1. Using RTIR

The incident responder can use the RTIR web-based interface (http://127.0.0.1/) to log in and perform a variety of actions, such as accepting, annotating, rejecting, and closing incidents.

John Jarocki, john.jarocki@gmail.com
