Orca Security CDR alert detected
Goal
Detect and respond to Cloud Detection and Response (CDR) alerts generated by Orca Security to prevent potential security breaches.
Strategy
Identify and trigger notifications for CDR alerts issued by Orca Security, indicating potential security threats.
Triage and response
- Assess the alert details, focusing on the category, type, and risk level.
- Analyze the alert context to determine the potential impact and scope of activity.
- Evaluate the risk associated with the alert, considering the sensitivity of the affected assets, potential compliance violations, and the likelihood of a security incident; use this assessment to guide decision-making and response prioritization.
- Follow the recommended course of action as described in the alert recommendation to contain and mitigate the threat.
- Implement mitigation measures to contain and remediate the activity that generated the alert, such as isolating affected systems, blocking malicious communication channels, and applying security controls to prevent further unauthorized access or data compromise.
- Report findings from the investigation, response actions taken, and recommendations for improving security controls to relevant stakeholders, security teams, and management to enhance visibility, communication, and incident response coordination.