This rule is part of a beta feature. To learn more, contact Support.
orca-security

Classification:

attack


Goal

Detect and respond to Cloud Detection and Response (CDR) alerts generated by Orca Security to prevent potential security breaches.

Strategy

Identify and trigger notifications for CDR alerts issued by Orca Security, indicating potential security threats.

Triage and response

  1. Assess the alert details, focusing on the category, type, and risk level.
  2. Analyze the alert context to determine the potential impact and scope of activity.
  3. Evaluate the risk associated with the alert, taking into account the sensitivity of the affected assets, any potential compliance violations, and the likelihood that a security incident is under way, so that the response can be prioritized accordingly.
  4. Follow the recommended course of action as described in the alert recommendation to contain and mitigate the threat.
  5. Implement mitigation measures to contain and remediate the activity that generated the alert, such as isolating affected systems, blocking malicious communication channels, and applying security controls to prevent further unauthorized access or data compromise.
  6. Report findings from the investigation, response actions taken, and recommendations for improving security controls to relevant stakeholders, security teams, and management to enhance visibility, communication, and incident response coordination.
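Steps 1 to 4 above can be turned into a repeatable triage queue. The block below is an added example, not code from Datadog or Orca Security; the alert field names (`risk_level`, `asset_sensitivity`, `compliance_frameworks`, `recommendation`) and the sample alerts are assumed and constructed, not Orca's real schema. It ranks alerts by risk level, asset sensitivity and compliance impact and carries each alert's recommendation along so the responder sees it first.

```python
"""Triage queue for Orca CDR alerts (added example; field names are assumed)."""
from dataclasses import dataclass

# Risk levels as step 1 ranks them (assumed labels, not Orca's schema).
RISK_WEIGHT = {"critical": 4, "high": 3, "medium": 2, "low": 1, "informational": 0}
# Asset sensitivity for step 3 (assumed tag values set by the asset owner).
SENSITIVITY_WEIGHT = {"restricted": 3, "confidential": 2, "internal": 1, "public": 0}


@dataclass
class TriagedAlert:
    alert_id: str
    category: str
    alert_type: str
    priority: int
    compliance: list
    recommendation: str


def score(alert: dict) -> int:
    """Priority from risk level, asset sensitivity and number of compliance frameworks hit."""
    risk = RISK_WEIGHT.get(str(alert.get("risk_level", "")).lower(), 0)
    sens = SENSITIVITY_WEIGHT.get(str(alert.get("asset_sensitivity", "")).lower(), 0)
    compliance = len(alert.get("compliance_frameworks", []))
    return risk * 10 + sens * 3 + min(compliance, 3)


def triage(alerts: list) -> list:
    """Return alerts highest priority first (steps 1-3), each with its recommendation (step 4)."""
    out = [TriagedAlert(alert_id=a["alert_id"], category=a.get("category", "unknown"),
                        alert_type=a.get("type", "unknown"), priority=score(a),
                        compliance=list(a.get("compliance_frameworks", [])),
                        recommendation=a.get("recommendation", "no recommendation supplied"))
           for a in alerts]
    return sorted(out, key=lambda t: t.priority, reverse=True)


# Constructed sample alerts in the assumed shape (not real Orca output).
SAMPLE_ALERTS = [
    {"alert_id": "a-1", "category": "Malware", "type": "Known malicious binary",
     "risk_level": "high", "asset_sensitivity": "internal",
     "compliance_frameworks": [], "recommendation": "Isolate the host and remove the binary."},
    {"alert_id": "a-2", "category": "Data at risk", "type": "Public storage bucket with PII",
     "risk_level": "medium", "asset_sensitivity": "restricted",
     "compliance_frameworks": ["GDPR", "PCI-DSS"], "recommendation": "Block public access to the bucket."},
    {"alert_id": "a-3", "category": "Suspicious activity", "type": "Unusual API call volume",
     "risk_level": "low", "asset_sensitivity": "public", "recommendation": "Review the principal's activity."},
]

if __name__ == "__main__":
    for t in triage(SAMPLE_ALERTS):
        print(t.priority, t.alert_id, t.category, "->", t.recommendation)
```

Note that a medium-risk alert on a restricted asset with compliance impact (a-2) lands close behind a high-risk alert on an internal asset (a-1), which is the effect step 3 asks for: asset sensitivity and compliance exposure move an alert up the queue rather than risk level alone deciding it.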