1.15-Interview Network Owner

Task Interview mission owner to identify sensors and tools

Conditions

Standards

An IR Team deploys to an existing network that may or may not have adequate sensors to complete the mission. As part of the mission preparation phase, it is important to discuss the existing sensors, network monitoring and cyber defense tools (e.g., firewalls, Security Event Information Manager (SIEM), forensics, malware detection, network discovery and mapping) with the mission owner to determine what is already in place. Based on that interview and the tools available, open source best practices and capabilities, the CPT should discuss additional sensors or tools with the organization's network owner to determine the tools that are needed for the mission.

End State

Notes

Manual Steps

Running Script

Dependencies

Other available tools

References

Incident Response Owner Interview Packet

Revision History