1. Type of Incidents to be Reported
    1. Reconnaissance
      1. WAF
      2. Threat Intelligence
        1. Multi-domain
      3. Firewall
        1. Network Firewall
        2. VPC Boundary with Security Groups & NACL
      4. Identity & Access Management
        1. API calls/Audit records
        2. Least Privilege
          1. Policy Analyzer
        3. Policy Analyzer Access Advisor
    2. Unauthorised Access
      1. Policy Audit
    3. Unauthorised Changes
      1. GRC
      2. Guardrails/SCP
    4. Vulnerability Exploitation
      1. EDR
      2. Firewall
        1. Network Firewall
        2. Web Application Firewall
    5. Virus, Malware, Ransomware, Cryptominers
      1. Threat Intelligence
      2. EDR/XDR
    6. Infrastructure Attack: Servers, Database, Mail Server
      1. Guardrails/SCP
      2. Governance & Compliance
      3. Audit Trails
    7. Spoofing & Phishing Attacks
      1. EDR
    8. Distributed Denial of Service, Bot attacks
      1. WAF, Shield Advanced
    9. Web Vulnerabilities - OWASP
      1. WAF
    10. Data Breach & Data Leaks
      1. DLP, Encryption, Guardrails
    11. Attacks on Digital Payment Systems
    12. Social Engineering
      1. Guardrails
      2. EDR
    13. Network Compromise: DNS, Subdomain
      1. DNSSEC
      2. Network Firewall
    14. Cloud Specific: API Vulnerabilities, Weak Cryptography, Exposed data repositories, Cloud credentials
      1. IAM Roles
      2. TLS
      3. Detect-Secrets
      4. MFA
  2. Malicious Mobile Apps/Websites
    1. Fraud
    2. Phishing
  3. End User account compromise
    1. User Identity Theft
  4. Time Sync
    1. Changes to Time Configurations
    2. Follow time sync Standards
  5. Incident Reporting
    1. Unauthorised Access
    2. Denial of Service/Disruption
    3. Unauthorised Usage
    4. Changes in Data without Authorization
  6. Logging Requirements
    1. 180 Days logs
  7. KYC