Emergency response process
The event response process is divided into the following steps:
Step 1: Event confirmation
The security engineer contacts and coordinates with the customer directly, learns the specific details of the event through communication with the customer, and records the problem. Based on the symptoms the customer describes and the actual behavior of the system, the event is confirmed and its nature is determined.
Step 2: Event suppression and analysis
After receiving the event response request, the security engineer responds remotely or on-site, depending on the situation. The security engineer analyzes and assesses the customer's existing system and network conditions based on the security event description recorded by the customer, in combination with previous vulnerability detection and analysis results, real-time monitoring and audit results, etc.
Step 3: Event processing
After analyzing the cause of the security event, the security engineer handles the event further. The specific work includes, but is not limited to:
- Clean the system of trojans, viruses, and malicious programs;
- Remove trojans, webshell backdoors, and pages injected with malicious code from the application system;
- Restore the system configuration that was tampered with by the hacker, and delete the backdoor account created by the hacker;
- Delete abnormal system services and clear abnormal processes.
Step 4: Event analysis report
After the incident is handled, an Incident Emergency Response Report is prepared according to the specific situation. The report describes the symptoms, the handling process, the handling results, and the cause analysis of the incident, and gives corresponding security recommendations. After receiving the report, the customer can confirm its content and can also give feedback or raise complaints about the service process.