Incident Response with SecurityOnion

A detailed incident response plan built around an open source network security monitoring (NSM) solution, SecurityOnion. Detailed descriptions and screenshots show how a detected incident leads to an alert and, within a few clicks, pivots to the exploit files. Further investigation and analysis of the exploit files yields information that can be used to detect, contain, eradicate, and recover affected systems. Legal evidence can be gathered to identify and prosecute the intruders.