TestDrive

SPL-TD-CB-06

Introduction 1
Attack Stages 1
Lab Time - Wear a hat as a Victim 1
Lab Time - Wear a hat as a security operations center (SOC) analyst 1
Threat Hunting using Carbon Black Cloud 1
Investigate each process, command, binary leveraging CB 1
Threat Hunting Takeaways 1
Additional Resources 1

Other Resources

Print Article
TestDrive  /  SPL-TD-CB-06  /  Lab Time - Wear a hat as a security operations center (SOC) analyst

Wear a hat as a security operations center (SOC) analyst

Updated

In this section, you will go through the experience of a SOC analyst. From here onwards, let's imagine that you do not have access to the endpoint, and that you need to investigate what happened.

Watch VMware RICK MCELROY discussing building threat hunting into your security operations - HERE.

1. Let the threat hunting games begin

A few things, you want to keep it handy for the next steps:

  1. Launch the Carbon Black Cloud Chrome Shortcut on Desktop
  2. Use the credentials from the ReadMe file located on Desktop
  3. Make a note of your logged in TestDrive Windows VDI hostname and IP as shown in the next steps.

2. How to find hostname and IP in Windows

  1. Open command terminal in Windows

3. Type hostname and ipconfig

2. Type hostname and ipconfig to find out about host name and IP address of your logged in Windows environment

Previous Article Wear a hat as a Victim
Next Article Threat Hunting Overview using Carbon Black Cloud