Incident Reference: 123456
Created by: SOC Manager
Report Date: YYYYMMDD
Operational Entity: Local, Regional, Global
Incident Priority: P1, P2, P3, P4
Incident Duration: YYYYMMDD through YYYYMMDD
Incident Description: For example, Backdoor detected on end user laptop.
Identification Time: YYYYMMDD
Physical Location: [Location] City, State, Country
Source of Notification: For example, End user or Operational Entity, Email from end user, Threat detection tool, etc.
Stakeholders Outside the SOC: For example, Operational Entities, IT services, or Risk and Compliance
Incident Summary: A brief explanation of the incident describing what the initial lead was, who responded, and how they responded.
VERIS:Action: Malware, Hacking, Social, Misuse, Physical, Error, Environmental
VERIS:Actor: External, Internal, Partner
VERIS:Actor:Motive: Motive of external, internal, or partner actor
VERIS:Assets:Variety: Windows, Linux, MacOS
VERIS:Assets:Ownership: Employee Owned, Company Owned, Third-Party Managed
VERIS:Attributes:Disclosure: Disclosure required yes/no
VERIS:Attributes:Availability: Business impact/loss of availability
Extracted Indicators (IOCs): sample.exe 84C0C5914FF0B825141BA2C6A9E3D6F4
Supporting Details: Explain any supporting details such as:
- Tools, tactics, and procedures used to investigate the incident or actions taken by the threat actor.
- During live response, acme.exe was discovered with altered code that inserted a backdoor running in the background.
- Five unique SHA256 hashes were collected and matched known malware on VirusTotal associated with Zeusbot.
Summary of resolution: Insert resolution including outcome, containment, and recovery efforts.
Lessons Learned Summary:
- Was the incident managed properly?
- Were policies followed?
- What improvements could be recommended?
- Did any processes fail?
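A template is only useful if completed reports actually conform to it. The script below is an added example, not part of the original template or any SOC tooling: it parses a filled-in report of the shape above into a dictionary, checks the fields against the enumerations the template lists (priority, operational entity, VERIS action, actor, asset variety and ownership, disclosure), validates the YYYYMMDD dates and the duration range, and splits the IOC line into hashes (classified by hex length) and other artifacts. The filled-in sample report is constructed for demonstration; only the field names and the `sample.exe` hash come from the template.

```python
"""Validator for a SOC incident-report template (added example; field names and
allowed values come from the template, the filled-in sample report is constructed)."""
import re
from datetime import datetime

# Enumerations the template lists for each field.
ALLOWED = {
    "Operational Entity": {"Local", "Regional", "Global"},
    "Incident Priority": {"P1", "P2", "P3", "P4"},
    "VERIS:Action": {"Malware", "Hacking", "Social", "Misuse",
                     "Physical", "Error", "Environmental"},
    "VERIS:Actor": {"External", "Internal", "Partner"},
    "VERIS:Assets:Variety": {"Windows", "Linux", "MacOS"},
    "VERIS:Assets:Ownership": {"Employee Owned", "Company Owned", "Third-Party Managed"},
    "VERIS:Attributes:Disclosure": {"yes", "no"},
}
DATE_FIELDS = ("Report Date", "Identification Time")
REQUIRED = ("Incident Reference", "Report Date", "Incident Priority", "Incident Duration",
            "Identification Time", "VERIS:Action", "VERIS:Actor", "Extracted Indicators (IOCs)")
HASH_KINDS = {32: "md5", 40: "sha1", 64: "sha256"}   # hex length -> hash type
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def parse_report(text):
    """Turn 'Key: value' lines into a dict; '- ' bullet lines are collected
    under the most recent key with an ':items' suffix."""
    fields, last_key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("- ") and last_key:
            fields.setdefault(last_key + ":items", []).append(line[2:])
            continue
        # Keys such as VERIS:Action contain ':' with no space, so split on ': '.
        key, sep, value = line.partition(": ")
        if not sep and line.endswith(":"):        # heading-style key with no value
            key, value = line[:-1], ""
        last_key = key.strip()
        fields[last_key] = value.strip()
    return fields


def parse_date(value):
    """Return a date for a YYYYMMDD string, or None if it does not parse."""
    try:
        return datetime.strptime(value, "%Y%m%d").date()
    except ValueError:
        return None


def extract_iocs(value):
    """Split the IOC line into hashes (by hex length) and other artifacts (file names)."""
    iocs = []
    for token in value.split():
        if HEX_RE.match(token) and len(token) in HASH_KINDS:
            iocs.append({"type": HASH_KINDS[len(token)], "value": token.lower()})
        else:
            iocs.append({"type": "artifact", "value": token})
    return iocs


def validate(fields):
    """Return a list of problems; an empty list means the report passes."""
    errors = [f"missing required field: {k}" for k in REQUIRED if not fields.get(k)]
    for key, allowed in ALLOWED.items():
        value = fields.get(key)
        if value and value not in allowed:
            errors.append(f"{key}: '{value}' not in {sorted(allowed)}")
    for key in DATE_FIELDS:
        if fields.get(key) and parse_date(fields[key]) is None:
            errors.append(f"{key}: expected YYYYMMDD, got '{fields[key]}'")
    duration = fields.get("Incident Duration", "")
    if duration:
        start, _, end = duration.partition(" through ")
        d0, d1 = parse_date(start), parse_date(end)
        if d0 is None or d1 is None:
            errors.append("Incident Duration: expected 'YYYYMMDD through YYYYMMDD'")
        elif d1 < d0:
            errors.append("Incident Duration: end date precedes start date")
    ident = parse_date(fields.get("Identification Time", ""))
    report = parse_date(fields.get("Report Date", ""))
    if ident and report and report < ident:
        errors.append("Report Date precedes Identification Time")
    return errors


# Constructed sample report; the IOC line reuses the hash shown in the template.
SAMPLE_REPORT = """\
Incident Reference: 123456
Created by: SOC Manager
Report Date: 20240118
Operational Entity: Regional
Incident Priority: P2
Incident Duration: 20240115 through 20240117
Incident Description: Backdoor detected on end user laptop.
Identification Time: 20240115
VERIS:Action: Malware
VERIS:Actor: External
VERIS:Assets:Variety: Windows
VERIS:Assets:Ownership: Company Owned
VERIS:Attributes:Disclosure: no
Extracted Indicators (IOCs): sample.exe 84C0C5914FF0B825141BA2C6A9E3D6F4
Lessons Learned Summary:
- Were policies followed?
"""

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(extract_iocs(parsed["Extracted Indicators (IOCs)"]))
    print(validate(parsed) or "report passes template checks")
```

Running the script against the sample prints the classified IOCs and an empty error list; feeding it a report with `Incident Priority: P9` or a duration whose end precedes its start produces one error per violated template rule, which is the shape a ticketing or SIEM intake hook would want before accepting the report.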