Phishing and credential compromise remain the most common entry point for attackers. This playbook provides a step-by-step process for identifying, containing, and investigating account compromise incidents.
Indicators of credential compromise
Initial investigation procedures
Account containment steps
Identity and access investigation guidance
Lateral movement detection steps
Recovery and monitoring procedures
Post-incident improvements and lessons learned
Organizations that rely on:
Microsoft 365
Google Workspace
Cloud identity providers
Remote workforce authentication