name: ir_triage description: Incident response triage collection. artifacts: - live_response/process/ps.yaml - live_response/process/lsof.yaml - live_response/process/top.yaml - live_response/process/procfs_information.yaml - live_response/process/procstat.yaml - live_response/process/fstat.yaml - live_response/process/pstat.yaml - live_response/process/pstree.yaml - live_response/process/ptree.yaml - live_response/process/proctree.yaml - live_response/process/hash_running_processes.yaml - live_response/process/strings_running_processes.yaml - live_response/process/* - live_response/network/* - bodyfile/bodyfile.yaml - live_response/system/* - live_response/hardware/* - live_response/packages/* - live_response/storage/* - live_response/containers/* - live_response/vms/* - chkrootkit/chkrootkit.yaml - hash_executables/hash_executables.yaml - files/* - !files/applications/* - !files/browsers/*