
Incident Response Guide

Lay the groundwork for effective response.

The aftermath of a breach or other incident is chaotic, and the last thing you want is to be improvising an incident response plan on the fly. This guide provides a list of basic response actions that security teams can follow as they respond to incidents of different criticality.

You will find basic response actions for:

  • High criticality incidents such as successful exploitation of a vulnerability or data exfiltration
  • Medium criticality incidents like malware downloads or remote access to external domains
  • Low criticality incidents such as adware, riskware, and peer-to-peer software

Security teams of any size, in any industry, can use this as a building block to create a new response process or to improve an existing one.