Response Stages

ID Name Description
RS0001 Preparation Get prepared for a security incident.
RS0002 Identification Gather information about a threat that has triggered a security incident, its TTPs, and affected assets.
RS0003 Containment Prevent a threat from achieving its objectives and/or spreading around an environment.
RS0004 Eradication Remove a threat from an environment.
RS0005 Recovery Recover from the incident and return all the assets back to normal operation.
RS0006 Lessons Learned Discover how to improve the Incident Response process and implement the improvements.