@Jon_HQ wrote a great guide on performing incident response for a Discord server and I'm attempting to compile this information in one big handy guidebook currently which can be found here. It's a work-in-progress, so don't go too hard on me! It's meant to be an incident response checklist though, so to keep it as simple as possible I'm putting all of the "steps" there, while putting the actions associated with those steps here so that there is a visual guide in case someone hasn't performed these actions before. Ideally there would be tabletop exercises to train the community managers / individuals in charge of the Discord server, but it never hurts to have a backup!
This article will be continuously updated as the incident response checklist mentioned above changes.
Find the message you want to delete.
Hovering over it, hold the "shift" key and select the red trashcan labeled "Delete".
Right-click on the user's name.
Select the "Ban [username]" option.
Select the server name.
Select the "Server Settings" option.
Select the "Integrations" option on the left-side menu.
Select the desired web hook then select the "Delete Webhook" option.
Find the desired user.
Right-click on the user and hover over the "Role" option. Select the checkbox to remove the role for that user.
Select the server's name to bring up a menu, then select the "Server Settings" option.
Navigate to the "Server Settings".
Navigate to the "Custom Invite Link" option under your server's name.
Navigate to the "Server Settings".
Select the "Integrations" option located under the "Apps" section.
Scroll down to the "Webhooks" section and select the arrow to expand the webhook's details. Select the "Delete Webhook" button if you'd like to delete it.
Select the "Delete" button to confirm.
Observe the different audit logs that can be viewed there.
If the server is boosted, a custom invite link will be present there.
Under the "Bots and Apps" section, select a bot or app with the web hook symbol to investigate it further.
alp1n3.eth 🌲
Comments