
Function: Collection (08183021-1832-52b3-88ff-f6d02497a362)

Information and data collection activities extend beyond feeds providing automated information. Collection includes identifying useful sources, such as information-relevant external activities including news from other constituencies, media sources, and other CSIRTs or security organizations, internal activities (e.g., organizational changes), technology developments, external events, political events, attack trends, defensive trends, conferences, available training, and more. The data collection function supports other services such as Security Event Management, Incident Management, and Knowledge Transfer. It also supports functions and activities within these services such as analysis, prediction, response, and risk mitigation. Newly collected information may reveal that an attack on a constituent is more likely than before. External events may expose information that identifies new risks to assets for a period of time or that requires heightened detection activities. Overall, the information helps provide actionable information to aid in decision making and incident handling.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Function: Collection (08183021-1832-52b3-88ff-f6d02497a362) | FIRST CSIRT Services Framework | Service: Data acquisition (b06d204e-4c27-55cb-8770-79e2259c8e12) | FIRST CSIRT Services Framework | 1 |