Incident Response Analysis
Security Monitoring // Post-Compromise Forensic Review
SFTP Logs
Netstat
HTTP Logs
Suspected Source IP:
Select Target...
Indicator of Compromise:
Select Indicator...
Modified index.html file
Permissions changed on web root file
Repeated failed logins
Web scanning activity (404 bursts)
Unusual outbound SSH connection
Incident Response Actions (Select 2):
Reset bbytes credentials.
Restrict SSH/SFTP to internal/VPN.
Enable MFA for all admins.
Restore web root from backup.
Deploy WAF blocking rules.
Block outbound port 22.