Ports
100: 80 -> HTTP
200: 443 -> HTTPS
300: 53 -> DNS
400: 22 -> SSH
500: 25 -> SMTP

Type of attacks
100: Software that encrypts files and demands payment for the key -> ransomware
200: Fraudulent emails that pretend to be from trusted sources to steal credentials -> phishing
300: Overwhelming a site with traffic to make it unavailable -> DDoS
400: Trying many password combinations to guess credentials -> brute-force
500: Inserting a malicious script into a webpage -> cross-site scripting

Incident Response
100: Playbook with a set of procedures that an organization follows to respond to and recover from cybersecurity incidents -> Incident Response Plan
200: First step in an IRP -> Preparation
300: The final phase, where teams analyze what went well or wrong -> lessons learned
400: Cyberattack scenario used to test and improve an organization's incident response plan -> Tabletop Exercise
500: The person who coordinates the response, ensures tasks are executed, and communicates with stakeholders -> Incident Commander/Manager

Solutions
100: Monitors, detects, and responds to threats on endpoints such as laptops, desktops, and servers -> Endpoint Detection and Response (EDR)
200: Monitors, detects, and responds to suspicious or malicious activity across an organization's network -> Network Detection and Response (NDR)
300: Controls incoming and outgoing traffic based on rules -> Firewall
400: Scans systems, networks, or applications to find weaknesses or misconfigurations -> Vulnerability Scanner
500: Aggregates and analyzes security data from across an organization's infrastructure -> SIEM

Acronyms
100: SOC -> Security Operations Center
200: IoT -> Internet of Things
300: RDP -> Remote Desktop Protocol
400: RAT -> Remote Access Trojan
500: LDAP -> Lightweight Directory Access Protocol