Title | Report incident to external companies |
---|---|
ID | RA4001 |
Description | Report incident to external companies |
Author | @atc_project |
Creation Date | 31.01.2019 |
Category | General |
Stages | RS0004: Eradication |
Automation | <ul><li>thehive</li></ul> |
References | <ul><li>https://www.antiphishing.org/report-phishing/</li><li>https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en</li><li>https://www.ic3.gov/default.aspx</li><li>http://www.us-cert.gov/nav/report_phishing.html</li><li>https://blog.thehive-project.org/2017/06/19/thehive-cortex-and-misp-how-they-all-fit-together/</li><li>https://www.sei.cmu.edu/education-outreach/computer-security-incident-response-teams/national-csirts/</li><li>https://www.crowdstrike.com/blog/indicators-attack-vs-indicators-compromise/</li><li>https://mitre.github.io/unfetter/about/</li></ul> |
Workflow
Report incident to external security companies, i.e. National Computer Security Incident Response Teams (CSIRTs).
Provide all Indicators of Compromise and Indicators of Attack that have been observed.
A phishing attack could be reported to:
- National Computer Security Incident Response Teams (CSIRTs)
- U.S. government-operated website
- Anti-Phishing Working Group (APWG)
- Google Safe Browsing
- The FBI’s Internet Crime Complaint Center (IC3)
This Response Action could be automated with TheHive and MISP integration.