Have you looked in Wiz? This is TOR Your goal is to mark yourself as pro Forensic Analysis Look at the geographical data Tell me more about… It’s been a meeting heavy day IR takes priority We need that on the wiki We will automate Does this look malicious? I don’t have access I need some coffee I can set you up with a mentor I’m helping out on-call Did you look at session traffic Do I have access to this? Did you notify SVIC? So who has questions about their ticket? This goes to Level 2 We need these logs in Splunk Compromise IOC Security event not an IR Add more resources Have you looked in Wiz? This is TOR Your goal is to mark yourself as pro Forensic Analysis Look at the geographical data Tell me more about… It’s been a meeting heavy day IR takes priority We need that on the wiki We will automate Does this look malicious? I don’t have access I need some coffee I can set you up with a mentor I’m helping out on-call Did you look at session traffic Do I have access to this? Did you notify SVIC? So who has questions about their ticket? This goes to Level 2 We need these logs in Splunk Compromise IOC Security event not an IR Add more resources
(Print)
Have you looked in Wiz?
This is TOR
Your goal is to mark yourself as pro
Forensic Analysis
Look at the geographical data
Tell me more about…
It’s been a meeting heavy day
IR takes priority
We need that on the wiki
We will automate
Does this look malicious?
I don’t have access
I need some coffee
I can set you up with a mentor
I’m helping out on-call
Did you look at session traffic
Do I have access to this?
Did you notify SVIC?
So who has questions about their ticket?
This goes to Level 2
We need these logs in Splunk
Compromise IOC
Security event not an IR
Add more resources
