ASSURED Methodology for Event Triage

A comprehensive, scalable framework for security analysts to triage, investigate, and document events with clarity, context, and confidence. Transform your incident response with structured, systematic approaches that ensure nothing is missed.

A - Alert

Understanding Detection Logic

Thoroughly understand the detection mechanisms and trigger conditions behind a security notification to establish the foundation for the investigation.

Alert Chapter Sections

  • Detection Logic: The Analyst's Priority
  • Detection Mechanisms
  • Alert Validation
  • Parsing Alerts

S - Subject

Identifying Key Entities

Systematically identify and analyze key entities involved in security events through multi-dimensional analysis.

Subject Chapter Sections

  • The Four Dimensions of Subject Analysis
  • Entity Types and Analysis
  • Behavioral Analysis Framework
  • Insider Analysis

S - Scope

Defining Investigation Boundaries

Establish clear investigation boundaries, regulatory requirements, and parameters to focus investigative efforts effectively.

Scope Chapter Sections

  • Regulatory Requirements
  • Time-Based Parameters
  • Entity-Based Scopes
  • Tool Integration

U - Uncover

The Investigation

Systematically collect and correlate telemetry from various sources to identify attack patterns and root causes.

Uncover Chapter Sections

  • Data Sources for Evidence Gathering
  • Leveraging Threat Intelligence
  • MITRE ATT&CK Framework
  • Investigation Methodology

R - Risk

Identifying Risk

Quantitatively assess potential impact and threat severity to enable priority-based response and decision-making.

Risk Chapter Sections

  • Framework for Risk Assessment
  • Evaluating Impact and Likelihood

E - Escalation

Triage to Broader Response

Determine when escalation is necessary and establish appropriate escalation paths for comprehensive incident response.

Escalation Chapter Sections

  • Criteria for Escalation
  • Internal and External Escalation Protocols
  • Event Triage vs Incident Response
  • Incident Command Structure

D - Documentation

Consistency and Record Keeping

Ensure comprehensive documentation of all actions, decisions, and lessons learned for compliance and continuous improvement.

Documentation Chapter Sections

  • Standards for Documentation Consistency
  • Templates for Efficient Recording
  • Documentation Pitfalls
