
1.17-Establish Mission Log

Task Establish Mission Log

Conditions

Given a network to defend, establish a system for mission logging.

Standards

  • Team conducts incident tracking utilizing Date-Time Group (DTG)
  • Team provides incident description
  • Team categorizes level of incident
  • Team enumerates discovery and response
  • Team utilizes report logs

End State

Mission log created within parameters of the standards

Manual Steps

  • How to use the 9-line

    • Date/Time: Indicate when it was discovered
    • Reporting Unit & Region: Input the current org/unit you are representing (e.g., CALOES or CPT)
    • POC: Person who discovered the anomaly
    • File Name: Input the file name
    • Type: Category of infection
    • Hazards: Input understood method of infection
    • Threat: Level of incident category and capabilities
    • Impact: Determine level of impact
    • Protective Measures: Determine steps of possible mitigation techniques
    • 9-Line does not leave client's premises
  • How to use the Federal Agency Incidents Categories Document

    • Reference all incident descriptions in the document's Description column
    • Choose the most applicable description, then see the associated category (CAT) number in the leftmost column
    • Be aware of and follow any associated time limitations in the column labeled Reporting Timeframe
    • Include the selected category in the Mission Log
  • How to Fill Out the Mission Log

    • Date/Time column: Insert the current date and time of your entry.
    • Category column: Reference the Federal Agency Incidents Categories (can be found in the References section below) in order to categorize the incident that is being worked on.
    • System/IP column: Insert the host name and IP address of the asset that is being worked on.
    • Technical Notes column: Insert the actions and modifications that were made on the asset being worked on (e.g., name of the script that was run, change of file permissions, copying of a file and moving it to another directory).
    • Summary column: Give a breakdown of all activities performed at the date and time in order to simplify an explanation of the course of action (COA).
    • Operator column: Insert your name in this field following this format: RANK LASTNAME, FIRSTNAME MIDDLE INITIAL.
  • Team utilizes report logs

    • Consolidate mission logs into a summary of all findings for the day
    • Save consolidated mission log at the client-approved location
    • Sanitize client/victim data from summary report. Save sanitized summary report in CPT archive
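The consolidation and sanitization steps above can be scripted. The following is an added example, not part of the original task card: it groups one day's Mission Log entries by category and replaces client host names and IP addresses with placeholders. The CSV layout, the ISO 8601 timestamps, the "HOSTNAME / IP" format of the System/IP column, and all sample values are assumptions constructed for illustration.

```python
import csv, io, re
from collections import defaultdict

# Constructed sample using the six Mission Log columns; ISO 8601 times are an assumption.
SAMPLE_LOG = """Date/Time,Category,System/IP,Technical Notes,Summary,Operator
2024-03-05T14:10Z,CAT 3,WS-FIN-07 / 10.20.30.41,Ran triage script on WS-FIN-07; copied sample to /cases/001,Confirmed malicious code on finance workstation,"SGT DOE, JANE A"
2024-03-05T15:45Z,CAT 5,FW-EDGE-01 / 10.20.0.1,Exported deny logs from FW-EDGE-01,Probing from 10.20.30.41 toward edge firewall,"SGT DOE, JANE A"
2024-03-06T09:00Z,CAT 3,WS-FIN-07 / 10.20.30.41,Changed permissions on share,Contained host,"SPC ROE, SAM B"
"""
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

class Sanitizer:
    """Gives every client host name and IP a stable placeholder (HOST-n / IP-n)."""
    def __init__(self):
        self.alias = {}

    def _alias(self, value, kind):
        if value not in self.alias:
            n = sum(a.startswith(kind) for a in self.alias.values()) + 1
            self.alias[value] = f"{kind}-{n}"
        return self.alias[value]

    def learn(self, system_ip):
        # The System/IP column is assumed to look like "HOSTNAME / 10.0.0.1".
        for part in filter(None, (p.strip() for p in system_ip.split("/"))):
            self._alias(part, "IP" if IPV4.fullmatch(part) else "HOST")

    def scrub(self, text):
        # Replace known host names (longest first), then every IPv4 address.
        for value in sorted(self.alias, key=len, reverse=True):
            if not IPV4.fullmatch(value):
                text = text.replace(value, self.alias[value])
        return IPV4.sub(lambda m: self._alias(m.group(), "IP"), text)

def daily_summary(log_text, day):
    """Consolidate one day's entries by category; return (lines, alias table)."""
    rows = [r for r in csv.DictReader(io.StringIO(log_text))
            if r["Date/Time"].startswith(day)]
    s = Sanitizer()
    for r in rows:
        s.learn(r["System/IP"])
    by_cat = defaultdict(list)
    for r in rows:
        by_cat[r["Category"]].append(
            f'  {r["Date/Time"]} {s.scrub(r["System/IP"])}: '
            f'{s.scrub(r["Summary"])} [{s.scrub(r["Technical Notes"])}]')
    lines = []
    for cat in sorted(by_cat):
        lines += [f"{cat} (entries: {len(by_cat[cat])})", *by_cat[cat]]
    return lines, s.alias

if __name__ == "__main__":
    summary, table = daily_summary(SAMPLE_LOG, "2024-03-05")
    print("\n".join(summary))  # the alias table stays with the client
```

The alias table maps placeholders back to real client assets, so it belongs with the consolidated log at the client-approved location, not in the sanitized copy.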

Running Script

N/A

Dependencies

Identify your limitations as far as utilization of tools on UNCLASSIFIED/CLASSIFIED networks

Other available tools

N/A

References

Federal Agency Incidents Categories Website
Mission Log document
Federal Agency Incidents Categories Spreadsheet
Malware 9-Line Report template

Revision History