No lengthy forms.
No questionnaires.
Just protecting your business, today.
How does IR-1 Work?
Investigation procedures in compliance with industry best practices (SANS, NIST, ISO)
SUSPECTED CYBER INCIDENT
Client Shall:
• Contact Blackpanda 24/7 notification center
• Submit to Blackpanda the incident data-ingestion form
• Continue to monitor incident for developments
Blackpanda acknowledges and responds
IDENTIFY
• Determine the validity and severity of the event
• Deploy endpoint data collection tools
• Begin data collection
ANALYZE
• Conduct preliminary analysis
• Define scope and assign roles
• Communicate plan for action
• Begin containment and remediation
CONTAIN, ERADICATE & RECOVER
• Contain/quarantine the incident
• Conduct root cause analysis
• Confirm/deny data extraction
• Extended remediation*
• Recover lost data (if possible)
• Assist in restoring business operations*
• Submit initial assessment report
FINAL REPORT
• Cause of incident and response methodology
• Remediating actions*
• Recommendations for future improvement of security posture