phishing email

A user clicked on a phishing email and entered their credentials into the site, which appeared to be a Microsoft website. The user did not say anything to the IT department for about a week and has since noticed the workstation being sluggish. Several other employees have reported the same slowness on their workstations. Over the last week, Networking, using their SIEM, has seen an excessive number of attacks through the state network from the IP address ranges 10.0.51.128/25 and 172.128.128.0/26. What steps would you take to remediate the risk? After the remediation steps, you are required to submit an incident response report. Please draft a sample of this incident report.
