- Generating starting points for investigation by important data from a ticketing system
- Searching leaked/breached data from internal and external platforms
- Investigating the dark web to identify if internal data is being sold
- Obtaining threat intelligence from a specific threat
- Searching for Indicators of Compromise over systems/platforms to identify victims
- Investigating compromised systems and accounts in SIEM
- Collecting and Analyzing additional evidence from multiple cyber security platforms
