Monitoring, Investigation, and Escalation as SOC L1
October 1, 2025
Lab activity walkthrough on monitoring, triage, investigation, and escalation of alerts as a SOC Tier 1 analyst.
July 6, 2025
This post covers the step-by-step triage of a suspicious phishing email alert in a simulated SOC environment. We examine the context, threat indicators, and recommended actions to determine whether the attachment poses a risk to the organization.
July 6, 2025
This post covers the triage of a suspicious process detected in a SOC simulator, where an nslookup.exe command launched by PowerShell suggests potential DNS exfiltration. We analyze the alert details and provide guidance on how to handle similar security incidents.
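The alert pattern summarized above (nslookup.exe spawned by a script host, used to push data out through DNS) can be turned into a simple triage scorer. The example below is added here and is not code from the original post or from the SOC simulator; the process-creation events are constructed in a Sysmon Event ID 1-like shape, and the thresholds (label length, entropy, score cut-off) are illustrative assumptions, not vendor or MITRE values.

```python
import math
import ntpath
import re

# Constructed sample events in a Sysmon Event ID 1-like shape (not real telemetry).
# Event 0 mimics the alert in the post: nslookup.exe under PowerShell, TXT lookup of
# a long, high-entropy label that could carry encoded data.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Image": r"C:\Windows\System32\nslookup.exe",
     "CommandLine": "nslookup.exe -type=TXT "
                    "NBSWY3DPEB3W64TMMQQGC3TEEBVSW5DXNRUGKZ3FEB2GQZLS.exfil-demo.example"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\nslookup.exe",
     "CommandLine": "nslookup.exe www.example.com"},
    {"ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Image": r"C:\Windows\System32\nslookup.exe",
     "CommandLine": "nslookup.exe intranet.corp.example"},
]

# Parents that rarely have a business reason to run nslookup interactively (assumption).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
MAX_BENIGN_LABEL_LEN = 30   # illustrative threshold
MIN_SUSPICIOUS_ENTROPY = 3.5  # illustrative threshold (bits per character)
ESCALATE_AT = 2             # illustrative score cut-off for escalation to L2


def shannon_entropy(text):
    """Shannon entropy in bits per character; encoded payloads score higher than words."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def queried_name(cmdline):
    """Return the last non-option argument of an nslookup command line.
    Caveat: nslookup also accepts a server as a trailing positional argument,
    so a real parser would need to handle 'nslookup name server'."""
    for tok in reversed(cmdline.split()[1:]):
        if tok.startswith("-"):
            continue
        return tok.strip('"').rstrip(".")
    return None


def score_event(ev):
    """Score one process-creation event; returns (score, list_of_reasons)."""
    reasons = []
    parent = ntpath.basename(ev["ParentImage"]).lower()
    image = ntpath.basename(ev["Image"]).lower()
    if image != "nslookup.exe":
        return 0, reasons
    if parent in SCRIPT_HOSTS:
        reasons.append(f"nslookup.exe spawned by script host {parent}")
    name = queried_name(ev["CommandLine"])
    if name:
        label = name.split(".")[0]  # leftmost label is where encoded chunks usually go
        if len(label) >= MAX_BENIGN_LABEL_LEN:
            reasons.append(f"leftmost label is {len(label)} chars long")
        ent = shannon_entropy(label)
        if ent >= MIN_SUSPICIOUS_ENTROPY:
            reasons.append(f"leftmost label entropy {ent:.2f} bits/char")
        if re.search(r"-type=(txt|null)", ev["CommandLine"], re.IGNORECASE):
            reasons.append("TXT/NULL record type requested (large response payloads)")
    return len(reasons), reasons


def triage(events):
    """Score every event and attach an L1 verdict."""
    results = []
    for ev in events:
        score, reasons = score_event(ev)
        results.append({
            "command": ev["CommandLine"],
            "score": score,
            "reasons": reasons,
            "verdict": "escalate" if score >= ESCALATE_AT else "close-as-benign",
        })
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_EVENTS):
        print(f"[{r['verdict']}] score={r['score']} {r['command']}")
        for reason in r["reasons"]:
            print(f"    - {reason}")
```

The scorer deliberately separates the process-lineage signal (who launched nslookup) from the query-content signals (label length, entropy, record type): a PowerShell-launched lookup of an internal hostname earns one point and closes as benign, while the same parent plus an encoded-looking TXT query earns enough to escalate. In production the equivalent check would run over Sysmon or EDR process telemetry and be corroborated with the DNS server's query logs.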