IR takes priority Security event not an IR I need some coffee I’m helping out on-call Forensic Analysis Compromise IOC This goes to Level 2 Your goal is to mark yourself as pro Add more resources We need that on the wiki I can set you up with a mentor Look at the geographical data This is TOR I don’t have access Do I have access to this? Tell me more about… It’s been a meeting heavy day Have you looked in Wiz? Does this look malicious? Did you notify SVIC? We need these logs in Splunk Did you look at session traffic So who has questions about their ticket? We will automate IR takes priority Security event not an IR I need some coffee I’m helping out on-call Forensic Analysis Compromise IOC This goes to Level 2 Your goal is to mark yourself as pro Add more resources We need that on the wiki I can set you up with a mentor Look at the geographical data This is TOR I don’t have access Do I have access to this? Tell me more about… It’s been a meeting heavy day Have you looked in Wiz? Does this look malicious? Did you notify SVIC? We need these logs in Splunk Did you look at session traffic So who has questions about their ticket? We will automate
(Print)
IR takes priority
Security event not an IR
I need some coffee
I’m helping out on-call
Forensic Analysis
Compromise IOC
This goes to Level 2
Your goal is to mark yourself as pro
Add more resources
We need that on the wiki
I can set you up with a mentor
Look at the geographical data
This is TOR
I don’t have access
Do I have access to this?
Tell me more about…
It’s been a meeting heavy day
Have you looked in Wiz?
Does this look malicious?
Did you notify SVIC?
We need these logs in Splunk
Did you look at session traffic
So who has questions about their ticket?
We will automate
