...
- Report any action taken to the EGI CSIRT as often as necessary.
- Identify and kill suspicious process(es) as appropriate, but aim to preserve the information they could have generated, both in memory and on disk, by dumping them beforehand; see the Forensics Howto.
- If it is suspected that any credentials have been abused or compromised, you MUST inform the EGI CSIRT, who will take appropriate action. Inform the EGI CSIRT of any direct contact with the involved VO, CA or any other credential provider.
- If it is suspected that a virtual appliance used to instantiate an affected virtual machine is vulnerable or malicious, you MUST report it to the EGI CSIRT.
- Seek help from your local security team, from your NGI Security Officer or from the EGI CSIRT.
- If relevant, additional reports containing suspicious patterns, IP addresses, files or evidence that may be of use to other infrastructure parties SHOULD be sent to the EGI CSIRT.
...