
Document Everything

Excerpt from "Hunt Methodology" By Christian B.


Introduction

Lastly, and usually the most frustrating part, documenting everything you and your team do will make your life easier later. Currently, we use Redmine for all reporting, chat, and documentation, but this document is meant to be tool-agnostic. At the end of an exercise, there are several products that you could be asked to provide. Mission owners almost always ask for a risk assessment based on what you observed. The risk assessment can define events by likelihood and criticality, but how it looks and what information it covers will depend on the mission owner and what product they would like to see.

For the After-Action Report (AAR), it will be beneficial to document your findings, weaknesses in the network, the recommendations you made, and the response time between each recommendation and its implementation. The logs collected, and the number of logs collected relative to your findings, will also support you and your analysts in Fitness Report (FITREP) or Junior Enlisted Performance Evaluation System (JEPES) accomplishments.

Example of a basic risk assessment template
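As an added illustration (not part of the original excerpt), the script below builds a small risk register rated by likelihood and criticality and derives the AAR figures the text mentions: recommendation-to-implementation time and logs collected versus findings. The 5x5 scales, the High/Medium/Low thresholds and the sample findings are assumptions constructed for this example.

```python
"""Risk register and After-Action Report metrics for a hunt (added example)."""
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Assumed 5x5 scales; adapt to whatever the mission owner wants to see.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
CRITICALITY = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass
class Finding:
    event: str
    likelihood: str
    criticality: str
    recommendation: str
    recommended_on: datetime
    implemented_on: Optional[datetime] = None  # None = still open

    def score(self) -> int:
        return LIKELIHOOD[self.likelihood] * CRITICALITY[self.criticality]

    def rating(self) -> str:  # assumed thresholds on the 1..25 product
        return "High" if self.score() >= 15 else "Medium" if self.score() >= 8 else "Low"

    def days_to_implement(self) -> Optional[int]:
        if self.implemented_on is None:
            return None
        return (self.implemented_on - self.recommended_on).days


def risk_assessment(findings: List[Finding]) -> List[Finding]:
    """Risk register ordered from highest to lowest risk score."""
    return sorted(findings, key=lambda f: f.score(), reverse=True)


def aar_metrics(findings: List[Finding], logs_collected: int) -> dict:
    """Numbers for the AAR: open items, mean response time, logs per finding."""
    closed = [f.days_to_implement() for f in findings if f.implemented_on is not None]
    return {
        "findings": len(findings),
        "open_recommendations": len(findings) - len(closed),
        "avg_days_to_implement": sum(closed) / len(closed) if closed else None,
        "logs_collected": logs_collected,
        "logs_per_finding": logs_collected / len(findings) if findings else 0,
    }


# Constructed sample findings; dates and events are illustrative only.
SAMPLE = [
    Finding("Legacy file-sharing protocol enabled", "likely", "major", "Disable the protocol", datetime(2023, 3, 1), datetime(2023, 3, 4)),
    Finding("Missing vendor patch on web server", "possible", "severe", "Apply vendor patch", datetime(2023, 3, 1), datetime(2023, 3, 11)),
    Finding("Default credentials on network device", "possible", "minor", "Change credentials", datetime(2023, 3, 2)),
]

if __name__ == "__main__":
    for f in risk_assessment(SAMPLE):
        print(f"{f.rating():6} {f.score():2}  {f.event}")
    print(aar_metrics(SAMPLE, logs_collected=1_250_000))
```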