Before starting, let’s understand a few steps of threat investigation and the attacker’s mindset. Whenever an attacker breaches a system, or attempts to, logs are generated as events and incidents, which can be fetched into SIEM tools such as MS Sentinel or QRadar. These behaviours can be summarised as TTPs, viz. Tactics: the high-level description of the behaviour and strategy of a threat actor, i.e. how they behave across the different stages of the cyberattack kill chain. Usually these stages inclu...