Note the initial risk level assigned to the alert.
Tools (Platforms Used)
If you are referring to a specific lab like or TryHackMe's Elastic SOC Lab , please provide the platform name or exact lab title so I can give you the precise answers and walkthrough steps.
State whether the alert was a legitimate threat.
Analyzing Windows Event Logs or history files for system discovery or malware downloads.
Mention the specific tools used for the investigation, such as Splunk for SIEM, Snort for IDS, or CyberChef for decoding malicious strings.
Record when the event occurred to correlate logs.
Inspecting the affected hostname and user.
Checking traffic for communication with known malicious IPs or domains.