Title Set up relevant data collection
ID RA1005
Description Usually, data collection is managed by Log Management/Security Monitoring/Threat Detection teams. You need to provide them with a list of the data that is critically important for the IR process. Most of the time, data such as DNS and DHCP logs is not collected, because its value for detection is relatively low. You can refer to the existing Response Actions (Preparation stage) to develop the list.
Author your name/nickname/twitter
Creation Date YYYY/MM/DD
Category General
Stage RS0001: Preparation
Automation
  • thehive/phantom/demisto/etc
References

Workflow

Description of the workflow for the Response Action in markdown format.
Here newlines will be saved.