The Response Area is the main working area for Investigations.
The My Work area provides access to Investigations, Alerts, and Dashboards.
Investigations is the core functionality of Coordinat-IR.
The Investigations Form has eight primary tabs.
General: Management Information.
Alerts: Alerts attached to the Investigation.
Observables: Information seen that triggered the Investigation or information that should be documented. Observables can be used to create Indicators. Observables include:
Hosts, Files, Network Connections, Processes, Registry Keys, Users
Response: The Response Board provides a status of items to be processed. The Response Board includes:
Actions: Provides a complete list of Actions taken and Notes.
Exploit Timeline: Provides for entry of the Exploit steps taken.
Impact: Provides for entry of the Incident impact.
Recovery: Provides for entry of the Recovery Comments and Prevention steps.
This grouping provides information about the client environment including: