As a Security Operations Center (SOC) analyst, you aim to investigate alerts and escalate incidents with clear evidence to support your findings. In this guided-challenge room, you'll use (part of the Elastic Stack) to perform alert triage and initial investigations, analyzing suspicious activity on an and Windows server. You'll explore potential indicators of compromise (IoCs) and collect evidence by correlating events across multiple log sources to gain a deeper understanding of the attack.
Objectives
- Use to analyze common security logs
- Learn how to identify key indicators of compromise
- Correlate events across multiple log sources
- Uncover the breach through a series of alerts
Prerequisites
- Check out Investigating with 101 to build a foundation for working with the Elastic Stack
- Complete Logs Fundamentals to understand log structure and formatting
- Cover Windows Logging for an overview of important event
- Go over for event to detect attacker activity
Machine Access
Click the Start Machine button below. Please allow Elastic five minutes to start, then access the dashboard at this link:
https://LAB_WEB_URL.p.thmlabs.com/