Drag and drop the type of evidence from the left onto the description of that evidence on the right.
Select and Place:
direct evidence
indirect evidence
corroborative evidence

| Description of evidence | Type of evidence |
|---|---|
| log that shows a command and control check-in from verified malware | direct evidence |
| firewall log showing successful communication and threat intelligence stating an IP is known to host malware | indirect evidence |
| NetFlow-based spike in DNS traffic | corroborative evidence |