3. Incident use cases

brettforbes edited this page Jun 17, 2023 · 3 revisions

3. Use cases

We want to describe classic use cases of incident investigation (blue team), ranging from very basic to very advanced.

3.1.1 Example 1

This is a realistic use case based on a phishing attack reported by a human. The corresponding STIX bundle is here.

3.1.2 Example 2

This is a realistic use case based on a phishing attack reported by an ML-based email solution. The corresponding STIX bundle is here.