This shows a five-step sequence. This is NOTIONAL - let's not get hung up on whether your process
works this exact way, but rather on whether this is the sort of data we need to be able to represent in
support of this use-case.
1. Automatically-generated alert converted to an event
2. Second automatically-generated alert
3. Ticket opened and assigned to an analyst to investigate
4. Both machines are remediated and malware confirmed
5. Incident confirmed - analyst adds context
{
  "type": "bundle",
  "id": "bundle--77e6c97f-9744-43b5-b7bb-28208f73da3a",
  "spec_version": "2.0",
  "objects": [
    {
      "type": "marking-definition",
      "id": "marking-definition--addb507a-5584-4a6e-aadc-16a9646725bc",
      "created": "2017-07-22T01:40:44.781Z",
      "modified": "2017-07-22T01:40:44.781Z",
{
  "type": "bundle",
  "id": "bundle--9f0725cb-4bc3-47c3-aba6-99cb97ba4f52",
  "spec_version": "2.0",
  "objects": [
    {
      "type": "marking-definition",
      "id": "marking-definition--dc1b5371-1918-4e57-93f2-25d1d78d983f",
      "created": "2017-07-18T22:00:30.404Z",
      "definition_type": "statement",
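Before incident-sequence data like the five steps above is exchanged, the receiving side needs to check that the bundle carrying it is well-formed STIX 2.0. The following structural checker is an added example, not code from the gist: it validates the bundle envelope, the `<type>--<uuid>` identifier shape, and the RFC 3339 timestamps (including `modified` never preceding `created`) against a constructed bundle modelled on the skeletons above, with placeholder ids and a hypothetical marking statement.

```python
import json
import re
from datetime import datetime

# Constructed STIX 2.0 bundle modelled on the gist's skeleton; ids and statement are placeholders.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--77e6c97f-9744-43b5-b7bb-28208f73da3a",
    "spec_version": "2.0",
    "objects": [{
        "type": "marking-definition",
        "id": "marking-definition--addb507a-5584-4a6e-aadc-16a9646725bc",
        "created": "2017-07-22T01:40:44.781Z",
        "modified": "2017-07-22T01:40:44.781Z",
        "definition_type": "statement",
        "definition": {"statement": "Example marking (constructed)"},
    }],
})

# STIX 2.0 ids are "<type>--<UUID>"; timestamps are RFC 3339 in UTC with a trailing "Z".
ID_RE = re.compile(r"^([a-z][a-z0-9-]*)--([0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12})$")
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{1,6})?Z$")

def parse_ts(value):
    """Return a datetime for a well-formed STIX timestamp string, else None."""
    if not isinstance(value, str) or not TS_RE.match(value):
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def object_errors(obj):
    """Structural checks on one STIX object; returns a list of error strings."""
    errs, obj_type, obj_id = [], obj.get("type"), obj.get("id", "")
    m = ID_RE.match(obj_id)
    if not obj_type or not m or m.group(1) != obj_type:
        errs.append(f"bad id/type pair: {obj_id!r} / {obj_type!r}")
    created = parse_ts(obj.get("created"))
    modified = parse_ts(obj.get("modified", obj.get("created")))  # modified defaults to created
    if created is None or modified is None or modified < created:
        errs.append(f"{obj_id}: timestamps missing, malformed or out of order")
    return errs

def validate_bundle(text):
    """Parse a STIX 2.0 bundle and return every structural error found ([] if clean)."""
    b = json.loads(text)
    m = ID_RE.match(b.get("id", ""))
    errs = [] if b.get("type") == "bundle" and m and m.group(1) == "bundle" else ["bad bundle id"]
    if b.get("spec_version") != "2.0":
        errs.append("spec_version must be '2.0'")
    objs = b.get("objects")
    if not isinstance(objs, list) or not objs:
        return errs + ["'objects' must be a non-empty list"]
    for o in objs:
        errs.extend(object_errors(o))
    return errs
```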