008-6-Cyber Security: Incident Reporting and Response Planning
In the Reports Portal, select > > > .
NERC Standard 008-6: Incident Reporting and Response Planning addresses creating and maintaining an appropriate incident response plan for your BES cyber system, so that your organization supports and maintains appropriate cyber security requirements.
| Dashboards | Reports |
|---|---|
|
n/a |
-
Displays an overall view of the attackers, their techniques, and targets.
Charts:
- Attack/Target Matrix
- SSH Attacks - drilldown to SSH Attacks Overview Dashboard
- Suspicious Activity Relationship
- Top 5 Ports
- Events Table
- Web Attacks - drilldown to Web Attacks Overview Dashboard
Filters:
- Agent Severity
- Attack Technique
-
-
Displays command and control events. You can drill down to this dashboard from the Insights dashboard.
Charts:
- Command and Control Activity Flow
- Events Table
-
-
Displays lateral movement events which represent the way an attack spreads from an entry point to the rest of the network. For example, by placing malware on a user's computer, a malicious user could attempt to move laterally to infect other computers on the network, to infect internal servers, and so on until they reach their final target. The Lateral Movement Overview dashboard is interactive, so clicking on a specific item on a chart will render the other charts accordingly.
Charts:
- Activity over Time
- Source-Target IP Relationship
- Events Table
-
-
Displays an overview of MITRE ATT&CK events including charts that sort events by MITRE ATT&CK technique, tactic, and frequency.
Tactics, Alerts by MITRE ATT&CK Techniques, and Alert Distribution by MITRE ATT&CK Tactics are interactive charts, meaning they update and change as you interact with other charts in the dashboard.
Note: This dashboard requires ArcSight ESM to populate.
Charts:
- Tactics
- Alerts by MITRE ATT&CK Techniques
- Alert Distribution by MITRE ATT&CK Tactics
- Events Table
-