We need these logs in Splunk We need that on the wiki Have you looked in Wiz? Compromise IOC IR takes priority Your goal is to mark yourself as pro Do I have access to this? I’m helping out on-call I can set you up with a mentor Forensic Analysis It’s been a meeting heavy day Security event not an IR This goes to Level 2 Did you notify SVIC? Did you look at session traffic Tell me more about… Look at the geographical data This is TOR We will automate Does this look malicious? Add more resources So who has questions about their ticket? I need some coffee I don’t have access We need these logs in Splunk We need that on the wiki Have you looked in Wiz? Compromise IOC IR takes priority Your goal is to mark yourself as pro Do I have access to this? I’m helping out on-call I can set you up with a mentor Forensic Analysis It’s been a meeting heavy day Security event not an IR This goes to Level 2 Did you notify SVIC? Did you look at session traffic Tell me more about… Look at the geographical data This is TOR We will automate Does this look malicious? Add more resources So who has questions about their ticket? I need some coffee I don’t have access
(Print)
We need these logs in Splunk
We need that on the wiki
Have you looked in Wiz?
Compromise IOC
IR takes priority
Your goal is to mark yourself as pro
Do I have access to this?
I’m helping out on-call
I can set you up with a mentor
Forensic Analysis
It’s been a meeting heavy day
Security event not an IR
This goes to Level 2
Did you notify SVIC?
Did you look at session traffic
Tell me more about…
Look at the geographical data
This is TOR
We will automate
Does this look malicious?
Add more resources
So who has questions about their ticket?
I need some coffee
I don’t have access
