Title | Set up relevant data collection |
---|---|
ID | RA1005 |
Description | Usually, data collection is managed by Log Management/Security Monitoring/Threat Detection teams. You need to provide them with a list of the data that is critically important for the IR process. Most of the time, data such as DNS and DHCP logs is not collected, as its value for detection is relatively low. You can refer to the existing Response Actions (Preparation stage) to develop the list. |
Author | your name/nickname/twitter |
Creation Date | YYYY/MM/DD |
Category | General |
Stage | RS0001: Preparation |
Automation | |
References | |
Workflow
Description of the workflow for the Response Action in markdown format.
Here newlines will be saved.