k23 - Everything Everywhere All at Once A Practical Guide to Alert Triage & Analysis - Megan Benoit

If you’ve done any sort of work in incident response, assessing alerts and deciding where to start in collecting information can be overwhelming even in the best of times. It’s easy to overlook something important, or to blow something unimportant out of proportion. I’m going to cover some basic triage methodology and then we're going to walk through a full threat handling checklist that you can use in your day-to-day alert analysis to perform information collection, so you know you have the right data to make the right decisions - is this an emergency, or am I dealing with my hypochondriac AV again?