Incident Response

Responsible for investigating, analyzing, and responding to network cybersecurity incidents.

  • T0164: Perform cyber defense trend analysis and reporting
  • T0262: Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness)
  • T0510: Coordinate incident response functions
  • T1020: Determine the operational and safety impacts of cybersecurity lapses
  • T1084: Identify anomalous network activity
  • T1085: Identify potential threats to network resources
  • T1109: Resolve cyber defense incidents
  • T1110: Coordinate technical support to enterprise-wide cybersecurity defense technicians
  • T1118: Identify vulnerabilities
  • T1119: Recommend vulnerability remediation strategies
  • T1250: Perform cyber defense incident triage
  • T1251: Recommend incident remediation strategies
  • T1252: Determine the scope, urgency, and impact of cyber defense incidents
  • T1256: Perform forensically sound image collection
  • T1257: Recommend mitigation and remediation strategies for enterprise systems
  • T1260: Perform real-time cyber defense incident handling
  • T1299: Determine causes of network alerts
  • T1315: Track cyber defense incidents from initial detection through final resolution
  • T1316: Document cyber defense incidents from initial detection through final resolution
  • T1332: Produce incident findings reports
  • T1333: Communicate incident findings to appropriate constituencies
  • T1370: Collect intrusion artifacts
  • T1371: Mitigate potential cyber defense incidents
  • T1372: Advise law enforcement personnel as technical expert
  • T1407: Correlate threat assessment data
  • T1485: Prepare after action reviews (AARs)
  • T1489: Correlate incident data
  • T1582: Maintain currency of cyber defense threat conditions
  • T1617: Prepare cyber defense reports