// THREAT DETECTION AND DATA PRIVACY TERM
Procedure
In cybersecurity, a procedure is a detailed, step-by-step document that guides a response team through a specific action during a security incident. It provides the exact instructions needed to complete a task, like isolating a compromised machine or analyzing a malware sample.

TECHNICAL DEFINITION
A procedure in incident response is a detailed, documented set of specific, repeatable steps for executing a security task, often part of a larger playbook or plan. These tactical instructions guide security analysts through technical actions like host isolation, evidence collection, or system remediation to ensure consistent and compliant incident handling.
BACKGROUND
Computer security is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide.
SYNONYMS & ALIASES
- Standard Operating Procedure (SOP)
- Work Instruction
- Checklist
- Runbook
- Step-by-step guide
- Task list
USAGE NOTE
Procedures are the most granular, tactical documents within an incident response plan, often referenced by analysts during a live incident to ensure no steps are missed.
DEVELOPERS
Organizations developing technology related to Procedure.
Develops Cortex XSOAR, a leading Security Orchestration, Automation, and Response (SOAR) platform that allows organizations to codify incident response procedures into automated 'playbooks' for consistent and rapid handling of security alerts.
Offers Splunk SOAR (formerly Phantom), a platform that helps security teams automate repetitive, procedural tasks. It enables the creation of standardized playbooks to orchestrate complex workflows across different security tools in response to threats.
Provides IBM Security QRadar SOAR (formerly Resilient), an incident response platform designed to help organizations codify their response procedures. It turns complex response plans into dynamic and actionable playbooks that guide analysts through every step.
Develops InsightConnect, its SOAR solution, which focuses on automating security and IT procedures without complex code. It connects various tools to execute predefined procedural workflows for tasks like vulnerability management, threat intelligence, and incident response.
A leader in incident response, Mandiant develops technology within its Advantage Platform that operationalizes its frontline expertise. The platform helps organizations validate security controls and manage incidents based on Mandiant's highly refined investigative and response procedures.
A security automation company whose platform is purpose-built to digitize and automate any security procedure. Swimlane's low-code approach allows security teams to build adaptable playbooks for incident response, threat hunting, and compliance.
A non-profit organization that develops influential frameworks and tools used to standardize cybersecurity procedures. Its ATT&CK framework is a global knowledge base of adversary tactics, and its Caldera platform automates adversary emulation to test defensive procedures.
Offers Falcon Fusion, a security orchestration, automation, and response (SOAR) framework integrated into its Falcon platform. It allows security teams to build real-time, automated workflows to streamline security procedures and accelerate incident response.