Work Flow - Palo-Cortex/hackthon2020 GitHub Wiki

  1. Get the attack group dossier (“MO”) - pull from MITRE or AutoFocus, or can we pull the campaign from PAN Unit 42 (CozyDuke)?
  2. Search the environment for IOCs
  3. Create new Incident
  4. Build context around IOC (define Impact)
  5. List possible actions for analyst
  6. Update Dashboard to indicate success or failure of hunt
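
The six steps as one data flow, in an added sketch that is not code from this project. The dossier layout, event fields, host names, the impact rule, and the `match`/`no_match` dashboard status are all assumptions, and every indicator value is constructed.

```python
from datetime import datetime, timezone

# Step 1 output: a group dossier. All indicator values are constructed.
DOSSIER = {"group": "CozyDuke", "iocs": {
    "domain": {"updates.example.net"}, "ip": {"192.0.2.44"}, "sha256": {"ab" * 32}}}

# Constructed telemetry standing in for proxy, firewall and endpoint logs.
EVENTS = [
    {"host": "ws-014", "type": "domain", "value": "Updates.Example.NET."},
    {"host": "ws-014", "type": "sha256", "value": "AB" * 32},
    {"host": "srv-db1", "type": "ip", "value": "192.0.2.44"},
    {"host": "ws-020", "type": "domain", "value": "intranet.example.org"},
]
CRITICAL_HOSTS = {"srv-db1"}  # assumption: criticality comes from an asset inventory

def norm(value):
    """Lower-case and drop a trailing dot so log spellings match the dossier."""
    return value.strip().lower().rstrip(".")

def hunt(dossier, events):
    """Step 2: return the events whose indicator is listed in the dossier."""
    hits = []
    for e in events:
        value = norm(e["value"])
        if value in dossier["iocs"].get(e["type"], set()):
            hits.append({**e, "value": value})
    return hits

def build_incident(dossier, hits):
    """Steps 3-5: open the incident, rate impact, list actions for the analyst."""
    hosts = sorted({h["host"] for h in hits})
    actions = [f"isolate {h}" for h in hosts]
    actions += [f"block {h['type']} {h['value']}" for h in hits if h["type"] != "sha256"]
    return {"name": f"Hunt match: {dossier['group']}",
            "created": datetime.now(timezone.utc).isoformat(),
            "hosts": hosts, "hits": hits, "actions": actions,
            "impact": "high" if CRITICAL_HOSTS & set(hosts) else "medium"}

def run_hunt(dossier, events):
    """Step 6: return (dashboard status, incident); incident is None without hits."""
    hits = hunt(dossier, events)
    if not hits:
        return {"group": dossier["group"], "status": "no_match"}, None
    incident = build_incident(dossier, hits)
    status = {"group": dossier["group"], "status": "match", "impact": incident["impact"]}
    return status, incident

if __name__ == "__main__":
    status, incident = run_hunt(DOSSIER, EVENTS)
    print(status, *incident["actions"], sep="\n- ")
```

The `norm` step matters in practice: without it the upper-case hash and the dotted domain in the sample events would not match the dossier.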