#DFIR Automation Series
I use 4 levels of automation ranging from none to fully automated.
I think an ideal solution is to use full automation for low risk decisions. And recommendations for higher risk.
We use recommendations in Cyber Triage by scoring each artifact. You ultimately decide.
