AWS security-ir documentation change
Summary
Added IR/SOC metadata template table for incident response preparation
Security assessment
Provides documentation for security operations teams to improve incident response readiness, but does not address a specific vulnerability or security incident.
Diff
diff --git a/security-ir/latest/userguide/appendix.md b/security-ir/latest/userguide/appendix.md index 2b2a99e69..86de12ba2 100644 --- a//security-ir/latest/userguide/appendix.md +++ b//security-ir/latest/userguide/appendix.md @@ -6,0 +7,9 @@ +Providing your metadata upfront to our CIRT, can help accelerate the profile creation time, improving the confidence in our triaging technology out of the gate. This will help reduce the upfront false positives identified when we begin to ingest your threat findings and create your "known good world." + +IR and SOC Personnel Contact Information Entry | IR | SOC Personnel: Role, Name, Email | Primary, Secondary Escalation Contacts | Internal, Known CIDR Ranges | External, Known CIDR Ranges | Additional Cloud Service Providers | Working AWS Regions | DNS Server IPs (if other than Route 53 Resolver) | VPN | Remote Access Solutions and IPs | Critical Application Names | Account Numbers | Uncommon Ports Commonly Used | ERD | AV | Vulnerability Management Tools Used | IDP | Locations +---|---|---|---|---|---|---|---|---|---|---|---|--- +1 | SOC Commander, John Smith, [email protected] | Primary | 10.0.0.0/16 | 5.5.60.0/20 (Azure) | Azure | us-east-1, us-east-2 | N/A | Direct Connect, Public VIF 116.32.8.7 | Nginx Webserver (Example Critical) | 1234567890 | 8080 | CrowdStrike Falcon | Entra, Azure +| | | | | | | | | | | | +| | | | | | | | | | | | +| | | | | | | | | | | | +