Security Proposed Courses
Miles Florence edited this page Jun 7, 2018
- Introduction to Incidents
  - What is an Event?
  - How and where can we observe events?
  - Why is application-level logging important?
  - What is an Incident?
  - What is Evidence? What isn't Evidence?
  - How can I maintain the integrity of evidence?
  - Under which circumstances should I notify law enforcement?
- Identify Malware in a Windows environment
  - How can I view the running processes in Windows, superficially and verbosely?
- Identify Malware in a Linux environment
  - How can I view the running processes in Linux, superficially and verbosely?
- Determine when and how to remove/study malware on a node
- Develop policy for Incident Handling (for your organization)
  - Who in my organization should I go to if I need X? (e.g. root access, finances, logs)
  - What tools will I need in an emergency?
  - How much money should be set aside for emergencies?
- Apply an Incident Handling Framework (to your organization)