Cases
Investigate and respond to security incidents.
Phishing Investigation
User clicked a malicious link in a phishing email leading to credential harvest site.
Brute Force Attempt
Multiple failed login attempts detected against VPN from external IP.
Policy Change Detected
User account added to local administrators group on workstation.
Suspicious API Access
A series of anomalous API requests detected from an unmanaged cloud host.
Unauthorized Software Installation
Cryptomining agent installed on corporate system WS-0452.
DMARC Configuration Failure
Multiple inbound spoofed emails detected due to weak DMARC policy rules.
Data Exfiltration Threat
Abnormal outbound SFTP traffic detected to an unknown external server IP address.
Unsecured Database Port Exposed
Database listener port (3306) exposed directly to the public internet on host LIN-DB-01.
Stale Account Activity
Login activity detected on a disabled contractor account dormant for over 90 days.
RDP Brute Force Attack
Multiple RDP login attempts from external IP targeting domain controller.
Suspicious File Download
Large executable file downloaded from unknown domain on workstation.
Unusual Login Time
User account accessed during non-business hours from unusual location.