Response Area

The Response Area is the main working area for Investigations.

My Work

The My Work area provides access to Investigations, Alerts, and Dashboards.

Investigations is the core functionality of Coordinat-IR.

Investigations

The Investigations Form has eight primary tabs.

  • General: Management Information.

  • Alerts: Alerts attached to the Investigation.

  • Observables: Information seen that triggered the Investigation or information that should be documented. Observables can be used to create Indicators. Observables include:

    Hosts
    Files
    Network Connections
    Processes
    Registry Keys
    Users

  • Response: The Response Board provides a status of items to be processed. The Response Board includes:

    Hosts
    Indicators
    Credentials

  • Actions: Provides a complete list of Actions taken and Notes.

  • Exploit Timeline: Provides for entry of the Exploit steps taken.

  • Impact: Provides for entry of the Incident impact.

  • Recovery: Provides for entry of the Recovery Comments and Prevention steps.

Environment

This grouping provides information about the client environment, including:

  • Hosts

  • Directory Accounts

  • Directories