A member of the SOC team is checking the dashboard provided by the Cisco Firepower Manager for further Isolation actions. According to NIST SP800-61, in which phase of incident response is this action?
According to NIST SP800-61, the incident response lifecycle consists of four phases: Preparation, Detection and Analysis, Containment, Eradication and Recovery, and Post-Incident Activity.
When a SOC team member checks the Cisco Firepower Manager dashboard for further isolation actions, they are working within the Eradication and Recovery phase.
This phase focuses on removing the threat from the environment and recovering affected systems to normal operations.
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit