SecOps Forum emphasizes the integration of Security Operations (SecOps) processes. It highlights real-time threat monitoring and incident response, and shares how automated tools are applied to improve the efficiency of security operations.
Incident response requires thorough preparation and planning. In this session, we'll explore real-life cases to consider whether threats can be analyzed and detected in a timely manner before a security incident occurs and also discuss strategies to enhance cybersecurity resilience.
This talk will discuss the hardening issues encountered by enterprises, and extend the discussion to international regulations and the differing requirements that arise from supply-chain audits.
In the process of incident response, the cybersecurity blue team often needs to conduct a large amount of analysis, including extensive log analysis of cloud events. This presentation mainly shares how to use open source tools for that analysis: SOF-ELK, the open-source forensics project from SANS built on Elasticsearch; Graylog + OpenSearch for SIEM analysis; and ways to quickly triage malicious activity in logs by incorporating established Sigma rules and other blue team knowledge.