When does Huntress send an Incident Report?
- When ThreatOps reviews a detection and determines that further investigation or action is required.
What's included in an incident report?
- Severity, as determined by ThreatOps during review
- Related detections that contributed to the finding
- Assisted remediation actions (where applicable)
What does ThreatOps review?
This list will grow over time. Today ThreatOps focuses on:
- Cobalt Strike detections
- Critical-severity detections (e.g. Mimikatz, ransomware, malicious PowerShell, Meterpreter)
- Defender "additional actions required" states, where Microsoft Defender has flagged a threat but needs follow-up (such as a reboot or full scan) to finish remediation
How does Assisted Remediation work?
When an incident report includes assisted remediation, Huntress can carry out the following actions on the affected host:
- Delete File: remove the identified malicious file
- Full Scan: trigger a full antivirus scan of the host