I published the following diary on isc.sans.edu: “Using OSSEC Active-Response as a DFIR Framework”:
In most of our networks, endpoints are often the weakest link because they are more difficult to control (for example, laptops travel, are used at home, etc.). They can also be spread across different locations, even different countries for the biggest organizations. To better manage them, tools can be deployed to perform many different tasks…