Hello, today I will write about investigation of “SOC166 — Javascript Code Detected in Requested URL” alarm from letdefend.io. The alert is appears in our investigation channel. After that, we proceed to build the case. Let’s start the playbook. The first step of the playbook is asking us to understand…

Hello, today I will write about investigation of “SOC141 — Phishing URL Detected” alarm from letdefend.io. The alert is appears in our investigation channel. After that, we proceed to build the case. Let’s start the playbook. The first step is to ‘Parse Email’ and gather information about the incoming email…

Hello, today I will write about investigation of “SOC140 — Phishing Mail Detected — Suspicious Task Scheduler” alarm from letdefend.io. The alert is appears in our investigation channel. After that, we proceed to build the case. Let’s start the playbook. The first step is to ‘Parse Email’ and gather information about the incoming email. The alert itself contains the majority of the information: § The alarm was triggered as medium…

Hello, today I will write about investigation of “SOC114 — Malicious Attachment Detected — Phishing Alert” alarm from letdefend.io. The alert is appears in our investigation channel. After that, we proceed to build the case. Let’s start the playbook. The first step is to ‘Parse Email’ and gather information about…

Hello, today I will write about investigation of “SOC170 — Passwd Found in Requested URL — Possible LFI Attack” alarm from letdefend.io. The alert is appears in our investigation channel. After that, we proceed to build the case. Let’s start the playbook. We may conclude from the specifics that the…

Hello, today I will write about investigation of “SOC168 — Whoami Command Detected in Request Body” alarm from letdefend.io. The alert is appears in our investigation channel. After that, we proceed to build the case. Let’s start the playbook. The first step of the playbook is asking us to understand…

Hello, today I will write about investigation of “SOC167 — LS Command Detected in Requested URL” alarm from letdefend.io. The alert is appears in our investigation channel. After that, we proceed to build the case. Let’s start the playbook. The first step of the playbook is asking us to understand…

Hello, today I will write about investigation of “SOC169 — Possible IDOR Attack Detected” alarm from letdefend.io. The alert is appears in our investigation channel. After that, we proceed to build the case. Let’s start the playbook. The first step of the playbook is asking us to understand why the…

Hello, today I will write about investigation of “SOC165 — Possible SQL Injection Payload Detected” alarm from letdefend.io. The alert is appears in our investigation channel. After that, we proceed to build the case. Let’s start the playbook. The first step of the playbook is asking us to understand why…