This response plan includes steps to contain the threat, hunt for existing infections, and remediation. Following is a list of tasks that should be performed across your organization.
These tasks can and should be parallelized. The patching process can be slower but it’s important to start as soon as possible, even while containment is taking place. The authors recommend automation platforms and using existing playbooks, if you have one available, to speed up this process.
Read full post by Lior Kolnik from Demisto here.