General terminology in the security field

ATT&CK: The standard attack framework model defined by the American organization MITRE Corporation; it defines each stage of the attack process

IDS (Intrusion Detection System) intrusion detection system

IPS (Intrusion Prevention System) intrusion prevention system

WAF (Web Application Firewall) web application firewall

SOAR (Security Orchestration, Automation and Response) security orchestration and automated response

        SOAR=SOA+SIRP+TIP
        SOA (Security Orchestration and Automation) security solution based on precisely orchestrated linkage
        SIRP (Security Incident Response Platforms) security incident response platform
        TIP (Threat Intelligence Platforms) threat intelligence platform

EDR (Endpoint Detection and Response) endpoint security detection and response

XDR (Extended Detection and Response) extended security detection and response: an evolution of EDR, with sources extended beyond the endpoint

SCAP (The Security Content Automation Protocol) Security Content Automation Protocol

XCCDF (Extensible Configuration Checklist Description Format) extensible configuration check description format

OVAL (Open Vulnerability and Assessment Language) Open Vulnerability and Assessment Language

OCIL (Open Checklist Interactive Language) Open Checklist Interactive Language

POC (Proof of Concept): often refers to a piece of vulnerability proof code

EXP (Exploit) exploitation: the act of exploiting vulnerabilities to carry out an attack

A black swan event is a low-probability event that is difficult to predict but, when it suddenly occurs, causes a chain reaction and has a huge negative impact.

A gray rhino refers to a high-probability risk event that is often warned about but not fully taken into account.

Protection principles and priorities for network security: can't get in, can't take it away, can't understand it, can't change it, can't run away


Origin blog.csdn.net/HideInTime/article/details/125078764