
Have you ever received an alert and thought "where do I go from here?" Or have you dug through a mountain of data only to realize you are no closer to determining whether the network is compromised? In this module we look at some practical examples of alerts and walk through the investigations in a SIEM. The goal is to help you understand the investigative process and how to demonstrate due diligence - even if you don't have the right tools and information.
We also take a close look at Windows processes as a significant source of uncertainty. We discuss how they fit into our hypothetical threat models and all the different ways attackers abuse them to execute malicious code. By the end you will have a much better understanding of what to look for and practical experience getting the answers.
Explore realistic pre-recorded attacks
Master full-featured defensive platforms
Browser-based challenges and modules
Extended attack videos
8 AI credits per month
Grants access to Analyst content. You can cancel any time by returning to this page and following the cancellation steps.
Instant fully interactive labs
Hands-on prevention and detection
Master offensive techniques
Security engineering exercises
Highly realistic and dynamic scenarios
Access to all Analyst-level content
20 AI credits per month
Grants access to all Defender content, Analyst content and interactive lab environments. You can cancel any time by returning to this page and following the cancellation steps.