This document is based on web application attacks for the MyHeritage data breach
This document is based on web application attacks for the MyHeritage data breach. Assuming the role of a SOC analyst in the data center, it is “all systems go” and “green light” status throughout the network. Then suddenly, you get an alert of some sort indicating a vulnerability scan is taking place (you pick which type).
Considering this, respond to the following questions for your:
• What is the alert that is coming in and from what device(s), tool(s), or software? What is it indicating?
• How should one proceed to determine if the alert is real or a false alarm?
• What tool(s) should be used in the process?
• What framework(s) should be used in the process?
• What data should be collected during the initial stages and where should it be recorded?
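One way to work through the second and last questions in code, as an added example that is not part of the original assignment: a small triage helper that takes an alert's source IP, pulls that source's entries from web-server access logs, and checks whether the traffic actually looks like a vulnerability scan (many distinct paths in a short window, a high 4xx ratio, a known scanner user-agent) before writing the facts an analyst should record into a triage record. The log lines, IP addresses (documentation ranges), thresholds and the `alert_source="WAF"` label are all constructed for this example; the scanner user-agent list is a short illustrative signature list, not a complete one.

```python
"""Triage a 'vulnerability scan in progress' alert against web-server access logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Illustrative user-agent substrings of common scanners (case-insensitive); not exhaustive.
SCANNER_UA_MARKERS = ("nikto", "nessus", "openvas", "sqlmap")

# Constructed sample log. 203.0.113.7 probes many paths in seconds with a scanner UA;
# 198.51.100.5 is an ordinary browsing session and serves as the negative case.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:14:02:01 +0000] "GET /admin/ HTTP/1.1" 404 162 "-" "Nikto/2.1.6"
203.0.113.7 - - [10/Mar/2024:14:02:01 +0000] "GET /backup.zip HTTP/1.1" 404 162 "-" "Nikto/2.1.6"
203.0.113.7 - - [10/Mar/2024:14:02:02 +0000] "GET /config.bak HTTP/1.1" 404 162 "-" "Nikto/2.1.6"
203.0.113.7 - - [10/Mar/2024:14:02:02 +0000] "GET /.env HTTP/1.1" 403 199 "-" "Nikto/2.1.6"
203.0.113.7 - - [10/Mar/2024:14:02:03 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "Nikto/2.1.6"
203.0.113.7 - - [10/Mar/2024:14:02:03 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 162 "-" "Nikto/2.1.6"
203.0.113.7 - - [10/Mar/2024:14:02:04 +0000] "GET /server-status HTTP/1.1" 403 199 "-" "Nikto/2.1.6"
203.0.113.7 - - [10/Mar/2024:14:02:04 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Nikto/2.1.6"
198.51.100.5 - - [10/Mar/2024:14:02:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.5 - - [10/Mar/2024:14:02:07 +0000] "GET /static/app.js HTTP/1.1" 200 8800 "http://example.test/" "Mozilla/5.0"
198.51.100.5 - - [10/Mar/2024:14:02:09 +0000] "GET /family/tree HTTP/1.1" 200 6400 "http://example.test/" "Mozilla/5.0"
198.51.100.5 - - [10/Mar/2024:14:02:30 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "http://example.test/" "Mozilla/5.0"
"""


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        entries.append({
            "ip": m["ip"],
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "method": m["method"],
            "path": m["path"],
            "status": int(m["status"]),
            "ua": m["ua"],
        })
    return entries


def summarize_by_ip(entries):
    """Aggregate per source IP: volume, distinct paths, 4xx count, user agents, time span."""
    stats = defaultdict(lambda: {"count": 0, "paths": set(), "errors": 0, "uas": set(),
                                 "first": None, "last": None})
    for e in entries:
        s = stats[e["ip"]]
        s["count"] += 1
        s["paths"].add(e["path"])
        s["uas"].add(e["ua"])
        if 400 <= e["status"] < 500:
            s["errors"] += 1
        s["first"] = e["ts"] if s["first"] is None else min(s["first"], e["ts"])
        s["last"] = e["ts"] if s["last"] is None else max(s["last"], e["ts"])
    return dict(stats)


def assess(s, window_s=60, min_distinct_paths=5, min_requests=5, error_ratio=0.5):
    """Heuristic verdict: is this source behaving like a scanner? Returns verdict plus reasons."""
    reasons = []
    span = (s["last"] - s["first"]).total_seconds()
    ratio = s["errors"] / s["count"] if s["count"] else 0.0
    if any(marker in ua.lower() for ua in s["uas"] for marker in SCANNER_UA_MARKERS):
        reasons.append("scanner_user_agent")
    high_error = s["count"] >= min_requests and ratio >= error_ratio
    fast_spread = len(s["paths"]) >= min_distinct_paths and span <= window_s
    if high_error:
        reasons.append("high_4xx_ratio")
    if fast_spread:
        reasons.append("many_paths_in_window")
    # A scanner UA alone is strong; otherwise require both behavioural signals together,
    # since a normal user can hit five pages in a minute or trip a few 404s.
    verdict = "scanner_user_agent" in reasons or (high_error and fast_spread)
    return {"verdict": verdict, "reasons": reasons, "span_s": span, "error_ratio": ratio}


def build_triage_record(ip, s, assessment, alert_source):
    """The facts worth recording in the ticket at the initial stage, as a plain dict."""
    return {
        "alert_source": alert_source,
        "src_ip": ip,
        "first_seen": s["first"].isoformat(),
        "last_seen": s["last"].isoformat(),
        "request_count": s["count"],
        "distinct_paths": len(s["paths"]),
        "error_ratio": assessment["error_ratio"],
        "user_agents": sorted(s["uas"]),
        "sample_paths": sorted(s["paths"])[:5],
        "verdict": "confirmed_scan" if assessment["verdict"] else "likely_false_positive",
        "reasons": assessment["reasons"],
    }


if __name__ == "__main__":
    stats = summarize_by_ip(parse_log(SAMPLE_LOG))
    for ip, s in stats.items():
        print(build_triage_record(ip, s, assess(s), alert_source="WAF"))
```

The thresholds are deliberately simple and tuneable; in practice they would be checked against the site's normal traffic profile so that a busy legitimate user or a broken link crawler does not trip the same rule. The triage record is what would be copied into the incident ticket or SIEM case as the initial evidence, with the raw log lines attached alongside it.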