This goes to Level 2 Have you looked in Wiz? This is TOR I don’t have access I need some coffee So who has questions about their ticket? It’s been a meeting heavy day Did you notify SVIC? Security event not an IR We will automate Does this look malicious? Add more resources Your goal is to mark yourself as pro Do I have access to this? Look at the geographical data Tell me more about… Did you look at session traffic Compromise IOC I can set you up with a mentor We need these logs in Splunk IR takes priority We need that on the wiki I’m helping out on-call Forensic Analysis This goes to Level 2 Have you looked in Wiz? This is TOR I don’t have access I need some coffee So who has questions about their ticket? It’s been a meeting heavy day Did you notify SVIC? Security event not an IR We will automate Does this look malicious? Add more resources Your goal is to mark yourself as pro Do I have access to this? Look at the geographical data Tell me more about… Did you look at session traffic Compromise IOC I can set you up with a mentor We need these logs in Splunk IR takes priority We need that on the wiki I’m helping out on-call Forensic Analysis
(Print)
This goes to Level 2
Have you looked in Wiz?
This is TOR
I don’t have access
I need some coffee
So who has questions about their ticket?
It’s been a meeting heavy day
Did you notify SVIC?
Security event not an IR
We will automate
Does this look malicious?
Add more resources
Your goal is to mark yourself as pro
Do I have access to this?
Look at the geographical data
Tell me more about…
Did you look at session traffic
Compromise IOC
I can set you up with a mentor
We need these logs in Splunk
IR takes priority
We need that on the wiki
I’m helping out on-call
Forensic Analysis
