Enterprise Information Security Graveyard
For security incidents, investigations, risk analysis requests, and reviews. The team was formerly known as OpSec and is currently known as EIS or infosec.
Select a component to see open bugs in that component:
Incident
Used whenever a security breach, data leak, or event occurs that requires incident response.
Investigation
Think you might have a security incident but need help figuring it out? Leaked passwords but don't know if they've been used? It goes here. If an attack is in progress, or data has been leaked and used/seen by third parties, use the Incident component instead.
MIG
For MIG, the Mozilla InvestiGator.
MozDef
For MozDef, the Mozilla Defense platform - Mozilla's SIEM.
NSM
For NSM, the Network Security Monitoring running at Mozilla.
Penetration Test
An adversarial exercise with the goal of demonstrating risks that could be exploited by a threat actor. Testing scope is heavily influenced by Rapid Risk Assessment (RRA) and threat model (TM) results, which should be completed prior to Penetration Testing (pentesting / pentest).
Review
Rapid risk assessments, vendor reviews, security control checking, etc. We're here to help!
Threat Modeling
A review of the set of attack scenarios to consider against an application. Threat models are more specific, more thorough and often more time-consuming than a Rapid Risk Assessment (RRA). When a threat model or analysis is requested on a large service (i.e., larger than a quick reply in a bug), an RRA is required to ensure that the security recommendations cover the areas of concern of the service.