Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place a mark (an X, a checkmark, a dot, a tally mark, etc.) on each cell as you announce it to keep track. You can also cut out each item, place the items in a bag, and pull them from the bag.
We need these logs in Splunk
I don’t have access
Add more resources
I’m helping out on-call
Your goal is to mark yourself as pro
Do I have access to this?
This is TOR
We will automate
I need some coffee
Have you looked in Wiz?
Does this look malicious?
Did you notify SVIC?
Tell me more about…
We need that on the wiki
It’s been a meeting-heavy day
Compromise IOC
IR takes priority
Security event not an IR
This goes to Level 2
So who has questions about their ticket?
Forensic Analysis
I can set you up with a mentor
Look at the geographical data
Did you look at session traffic?