Response Area

The Response Area is the main working area for Investigations.

My Work

The My Work area provides access to Investigations, Alerts, and Dashboards.
Investigations is the core functionality of Coordinat-IR.

Investigations

The Investigations Form has eight primary tabs.
  • General: Management Information.
  • Alerts: Alerts attached to the Investigation.
  • Observables: Information seen that triggered the Investigation or information that should be documented. Observables can be used to create Indicators. Observables include:
    • Hosts
    • Files
    • Network Connections
    • Processes
    • Registry Keys
    • Users
  • Response: The Response Board provides the status of items to be processed. The Response Board includes:
    • Hosts
    • Indicators
    • Credentials
  • Actions: Provides a complete list of Actions taken and Notes.
  • Exploit Timeline: Provides for entry of the Exploit steps taken.
  • Impact: Provides for entry of the Incident impact.
  • Recovery: Provides for entry of the Recovery Comments and Prevention steps.

Environment

This grouping provides information about the client environment including:
  • Hosts
  • Directory Accounts
  • Directories