Vulnerability Response Playbook
High-level process for responding to urgent and high-priority vulnerabilities being actively exploited in the wild
Last updated
Most vulnerabilities will have Common Vulnerabilities and Exposures (CVE) identifiers. In other cases, agencies might encounter new vulnerabilities that do not yet have a CVE (e.g., zero-days) or vulnerabilities resulting from misconfigurations.
Proactively identify reports of vulnerabilities being actively exploited in the wild by monitoring threat feeds and information sources.
Conduct a sweep for known IOCs associated with exploitation of the vulnerability.
Investigate any abnormal activity associated with vulnerable systems or services, including anomalous access attempts and behavior.
Begin incident response (IR) if the vulnerability is being exploited in the environment.
Patch management: patch all vulnerabilities.
Disable unused services.
Reconfigure firewalls to block access to known IOCs.
Increase monitoring (raise alert levels).
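The IOC sweep and the abnormal-access investigation steps above, worked as an added example that is not part of the original playbook: it scans constructed log lines for a constructed placeholder indicator set (reserved addresses and a dummy hash, not real IOCs) and flags failed-login bursts followed by a success, the shape the "anomalous access attempts" step is looking for. The log format and field order are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed IOC set using reserved/placeholder values, not real indicators.
KNOWN_IOCS = {"ip": {"203.0.113.45"}, "domain": {"c2.example.invalid"}, "sha256": {"a" * 64}}
# Constructed log lines in an assumed "<timestamp> <source> <service> <event> [detail]" form.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z 198.51.100.7 vpn-gw login_failed",
    "2024-05-01T10:00:02Z 198.51.100.7 vpn-gw login_failed",
    "2024-05-01T10:00:03Z 198.51.100.7 vpn-gw login_failed",
    "2024-05-01T10:00:04Z 198.51.100.7 vpn-gw login_ok",
    "2024-05-01T10:05:00Z 10.0.0.12 fileshare download hash=" + "a" * 64,
    "2024-05-01T10:06:00Z 10.0.0.12 proxy connect dst=c2.example.invalid",
    "2024-05-01T10:07:00Z 203.0.113.45 web-app login_failed",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.I)

def sweep_for_iocs(lines, iocs=KNOWN_IOCS):
    """IOC sweep: return (line_index, kind, value) for each known indicator seen."""
    hits = []
    for i, line in enumerate(lines):
        seen = {
            "ip": set(IP_RE.findall(line)),
            "domain": {d.lower() for d in DOMAIN_RE.findall(line)},
            "sha256": {h.lower() for h in SHA256_RE.findall(line)},
        }
        for kind, values in seen.items():
            for v in sorted(values & iocs.get(kind, set())):
                hits.append((i, kind, v))
    return hits

def find_anomalous_access(lines, max_failures=3):
    """Flag a burst of failed logins from one source on one service, and any later success."""
    failures = defaultdict(int)
    findings = []
    for i, line in enumerate(lines):
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines rather than crash the sweep
        _, src, service, event = parts[:4]
        if event == "login_failed":
            failures[(src, service)] += 1
            if failures[(src, service)] == max_failures:
                findings.append((i, "failure_burst", src, service))
        elif event == "login_ok" and failures[(src, service)] >= max_failures:
            findings.append((i, "success_after_burst", src, service))
    return findings
```

Each IOC hit and each anomaly finding carries the line index so the matching raw log line can be pulled into the IR record when the next step (begin incident response) is triggered.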