This goes to Level 2 Have you looked in Wiz? Did you notify SVIC? Look at the geographical data Does this look malicious? So who has questions about their ticket? This is TOR Add more resources I can set you up with a mentor IR takes priority Compromise IOC I need some coffee Security event not an IR We will automate Do I have access to this? Did you look at session traffic Forensic Analysis I don’t have access Your goal is to mark yourself as pro It’s been a meeting heavy day I’m helping out on-call Tell me more about… We need these logs in Splunk We need that on the wiki This goes to Level 2 Have you looked in Wiz? Did you notify SVIC? Look at the geographical data Does this look malicious? So who has questions about their ticket? This is TOR Add more resources I can set you up with a mentor IR takes priority Compromise IOC I need some coffee Security event not an IR We will automate Do I have access to this? Did you look at session traffic Forensic Analysis I don’t have access Your goal is to mark yourself as pro It’s been a meeting heavy day I’m helping out on-call Tell me more about… We need these logs in Splunk We need that on the wiki
(Print)
This goes to Level 2
Have you looked in Wiz?
Did you notify SVIC?
Look at the geographical data
Does this look malicious?
So who has questions about their ticket?
This is TOR
Add more resources
I can set you up with a mentor
IR takes priority
Compromise IOC
I need some coffee
Security event not an IR
We will automate
Do I have access to this?
Did you look at session traffic
Forensic Analysis
I don’t have access
Your goal is to mark yourself as pro
It’s been a meeting heavy day
I’m helping out on-call
Tell me more about…
We need these logs in Splunk
We need that on the wiki
