Incident Indicators & Remediation Simulator

RETRIEVING SIEM CONSOLE ALERTS...

Indicators & Malicious Activity Simulator

Welcome to the SOC Analyst training sandbox. You are monitoring the Security Information and Event Management (SIEM) console.

To begin, click "Retrieve Active Alerts" to pull security logs, identify malicious indicators matching Security+ Objective 2.4, deploy response playbooks, and inspect visual diffs.

Sec+ Indicators Guide

Malware Indicators

Ransomware

Demands payment by encrypting files. Indicators: sudden high CPU, file extension changes, and resource inaccessibility.

Trojans & Worms

Trojans disguise as legitimate files; worms self-replicate without human action, exhausting network resources.

Network & Cryptography

DDoS Amplification

Spoofs victim source IP sending requests to open servers (DNS/NTP) that reply with much larger response frames, flooding the victim.

Downgrade Attacks

Forces system cryptographic standards to fall back to insecure protocols (SSL 3.0 / TLS 1.0) to compromise sessions.

Account Indicators

Password Spraying

Guessing a few common passwords (e.g. Password1) across thousands of accounts to bypass lockout policies.

Impossible Travel

Simultaneous logins from geographically distinct locations within impossible time limits.

SIEM-SHIELD TACTICAL

Indicators & Malicious Activity Simulator

Incident Title