[Diagram: SOC monitoring scope, log sources and data feeds; the node labels recovered from the image are listed below, with items that had been split across columns rejoined]

Log sources
• anti-virus) logs
• Web and SQL server logs
• Server Access Logs
• Appflow logs
• System activity logs (e.g. including storage appliances or tools)
• Endpoint (and agent-based) logs
• Email, firewall, VPN and Netflow logs

Security tooling
• Technical Data loss protection (DLP)
• Tools that employ potential malware isolation and investigation techniques (e.g. sandboxing or virtual execution engines)
• Other relevant security management
• Cybersecurity Tools

Other diagram nodes (in the order they appear)
• Spam
• Phishing Emails
• Malware
• Administrator
• Application Server (Website)
• Server Access Activities
• EDR
• Starters
• Logs
• Networking
• Movers
• IPS
• Phishing Activities
• Malicious EXEs using Bulk Hash Search
• Execution
• Credential Access
• Lateral Movement
• Exfiltration
• Firewall
• Malicious/Suspicious Activities
• Encryption in Motion
• Via Help Desk Team
• User Accounts
• Incidents Monitoring
• Data Security
• Mobiles
• Devices
• BYOD
• EDR
• Malware
• Patches
• Anti-Malware
• File-Sharing Tools
• Third-party software
• Threat Intelligence Feeds: feeds of IPs, Hashes, Filenames, Threat Actors, URLs, Domains
• Non-Approved Cloud URLs
• Backup Monitoring
• Windows
• Configuration Changes
• Active Directory
• Change Requests
• Networking Devices
• Servers
• VM team
• Clients
• Vulnerabilities and Alerts
• Scanners
• Workstations
• Firewall
• Pentest Services
• Servers
• Compliance Team
• IDS/IPS
• Operating Systems
• Applications
• Proxy
• Wi-Fi