Auditing the system and network log files is a crucial step in the incident triage phase of the incident response and handling process. During incident triage, incident handlers assess and prioritize incidents based on their severity, impact, and the urgency of the response required. Part of this assessment involves reviewing log files to understand the nature of the incident, its scope, and the systems or networks affected. This information helps in categorizing the incident and deciding on the appropriate response actions. Unlike containment, which aims to limit the damage, incident disclosure, which involves communicating about the incident, or incident eradication, which focuses on removing the threat, incident triage is about evaluating and prioritizing the incident based on detailed log analysis among other factors.References:The Incident Handler (CREST CPTIA) courses and study guides emphasize the role of incident triage in the early stages of the incident response process, highlighting the importance of log file analysis in assessing and prioritizing incidents.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit