1. Identifying a Compliance Breach
- Monitor Active Alerts on the Darknet Intelligence tab for unauthorized exposures.
- Check the Deduction Table for unaddressed high-severity issues.
- Act on notifications from TRaViS support or from your SIEM when a breach is detected.
2. Response Procedures
- Containment:
  - Use TRaViS's scan history to determine which domains and IPs are affected, then isolate them.
  - Disable access to exposed resources (e.g., remove public access from an exposed S3 bucket) via the relevant admin settings.
- Assessment:
  - Use Active Alert Triage Tools to categorize the breach (e.g., "Bad" status).
  - Export relevant data (e.g., Alert Data) for analysis and keep the export as an evidence record.
- Remediation:
  - Follow the Remediation Details from SAST results or TRaViS support guidance.
  - Update configurations (e.g., renew or replace SSL certificates) based on Deduction Table actions.
- Reporting:
  - Generate a compliance report with the export tools and submit it to the legal team.
  - Notify affected parties (e.g., GDPR data subjects) where required.
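The containment and assessment steps above, for the exposed S3 bucket case, as an added example that is not TRaViS code or output: it inspects a bucket policy and ACL in the shape boto3's get_bucket_policy and get_bucket_acl return, reports the grants that make the bucket public, and, if any are found, applies S3 Block Public Access through whatever client object is passed in. The sample policy, ACL, bucket name, account ID and the RecordingClient stub are constructed for the example; in production you would pass a real boto3 S3 client.

```python
"""Assess an S3 bucket for public exposure and contain it with Block Public Access.

Added example for this runbook, not part of TRaViS. All inputs below are
constructed samples; the s3_client argument is assumed to implement boto3's
put_public_access_block(Bucket=..., PublicAccessBlockConfiguration=...).
"""
import json

# Constructed sample policy: one anonymous-read statement, one scoped to a role.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "Team", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

# Constructed sample ACL: owner plus a READ grant to the AllUsers group.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
SAMPLE_ACL = {
    "Owner": {"ID": "owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}


def principal_is_public(principal):
    """A policy principal is public when it is "*" or {"AWS": "*"} (or "*" in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy_json):
    """Return the Sids of Allow statements open to everyone and carrying no Condition.

    Conditioned statements are skipped: a Condition (aws:SourceVpce, aws:SourceIp)
    may restrict who "*" means, so they need manual review rather than auto-flagging.
    """
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    return [
        stmt.get("Sid", "<no Sid>")
        for stmt in statements
        if stmt.get("Effect") == "Allow"
        and principal_is_public(stmt.get("Principal"))
        and not stmt.get("Condition")
    ]


def public_acl_grants(acl):
    """Return (grantee URI, permission) pairs for grants to the public ACL groups."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            found.append((grantee["URI"], grant.get("Permission")))
    return found


def public_access_block_config():
    """All four Block Public Access flags on, in the shape boto3 expects."""
    return {"BlockPublicAcls": True, "IgnorePublicAcls": True,
            "BlockPublicPolicy": True, "RestrictPublicBuckets": True}


def contain_bucket(bucket, policy_json, acl, s3_client):
    """Assess the bucket and, if exposed, apply Block Public Access via s3_client.

    Returns the findings so they can be exported alongside the incident record.
    """
    findings = {
        "bucket": bucket,
        "public_statements": public_policy_statements(policy_json),
        "public_acl_grants": public_acl_grants(acl),
        "blocked": False,
    }
    if findings["public_statements"] or findings["public_acl_grants"]:
        s3_client.put_public_access_block(
            Bucket=bucket, PublicAccessBlockConfiguration=public_access_block_config())
        findings["blocked"] = True
    return findings


class RecordingClient:
    """Stand-in for a boto3 S3 client: records the call instead of hitting AWS."""
    def __init__(self):
        self.calls = []

    def put_public_access_block(self, **kwargs):
        self.calls.append(kwargs)
        return {"ResponseMetadata": {"HTTPStatusCode": 200}}


if __name__ == "__main__":
    client = RecordingClient()
    print(json.dumps(contain_bucket("example-bucket", SAMPLE_POLICY, SAMPLE_ACL, client), indent=2))
```

Block Public Access neutralizes the public policy (RestrictPublicBuckets) and the public ACL (IgnorePublicAcls) without deleting either, so the exposing statement is still in place for the root cause analysis; removing it belongs to the remediation step. Statements that carry a Condition are deliberately not counted as public, because the condition may already restrict the principal, so review those by hand before deciding they are safe.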
3. Post-Incident Review
- Conduct a root cause analysis using logs and scan history.
- Update scan configurations to prevent recurrence (e.g., increase frequency).
- Document the incident and response in the TRaViS admin notes.
Best Practices
- Establish an incident response team with defined roles.
- Test response procedures quarterly with simulated breaches.