SOC Casefiles
Real-world incident investigation workflows demonstrating alert triage, IOC extraction, and ticket documentation skills.
Investigation Casefiles
001 - Phishing Triage
Email header analysis, IOC extraction, verdict, and containment procedures for phishing incidents.
High
Email Header Analysis
IOC Extraction
Threat Intelligence
Containment
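As an added illustration of the header analysis and IOC extraction steps this casefile covers (example code written for this page, not taken from the casefile itself), the script below parses a constructed phishing message, compares the From, Return-Path and Reply-To domains, reads the SPF/DKIM verdicts from Authentication-Results, pulls the originating IP from the earliest Received hop and the links from the body, and turns the findings into a verdict. The sample message, the addresses in it and the scoring thresholds are assumptions made for the example; they are not evidence from a real incident.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message, not a real phish; example.org/example.net are reserved
# documentation domains and 192.0.2.45 is from the TEST-NET-1 range.
SAMPLE_EMAIL = """\
Return-Path: <bounce@mail-example.net>
Received: from mail-example.net (mail-example.net [192.0.2.45])
    by mx.example.org with ESMTP id abc123
    for <finance@example.org>; Mon, 01 Jan 2024 09:12:00 +0000
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail-example.net; dkim=none
From: "IT Helpdesk" <helpdesk@example.org>
Reply-To: helpdesk-reset@mail-example.net
To: finance@example.org
Subject: Password expires today
Content-Type: text/plain

Your password expires today. Reset it here: http://example-org-login.net/reset?u=finance
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def domain_of(header_value):
    """Lower-cased domain of an RFC 5322 address header, or '' if there is none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def originating_ip(msg):
    """IP in the earliest (bottom-most) Received header: the hop closest to the sender."""
    for hdr in reversed(msg.get_all("Received") or []):
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr)
        if m:
            return m.group(1)
    return None


def auth_results(msg):
    """spf/dkim/dmarc verdicts from Authentication-Results, e.g. {'spf': 'fail'}."""
    hdr = msg.get("Authentication-Results", "")
    return {k.lower(): v.lower() for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I)}


def analyze(raw_message):
    """Header checks, IOC extraction and a verdict for a single-part text message."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    return_dom = domain_of(msg.get("Return-Path"))
    reply_dom = domain_of(msg.get("Reply-To"))
    body = msg.get_payload(decode=True).decode(errors="replace")
    urls = URL_RE.findall(body)
    auth = auth_results(msg)

    findings = []
    if return_dom and return_dom != from_dom:
        findings.append(f"Return-Path domain {return_dom} differs from From domain {from_dom}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    if auth.get("spf") in ("fail", "softfail"):
        findings.append(f"SPF {auth['spf']}")
    if auth.get("dkim") != "pass":
        findings.append(f"DKIM {auth.get('dkim', 'missing')}")
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if host != from_dom and not host.endswith("." + from_dom):
            findings.append(f"link host {host} is not under the From domain {from_dom}")

    iocs = {
        "sender_ip": originating_ip(msg),
        "sender_domains": sorted({d for d in (from_dom, return_dom, reply_dom) if d}),
        "urls": urls,
    }
    # Assumed scoring for the example: two or more independent findings is enough to call it.
    verdict = "malicious" if len(findings) >= 2 else "suspicious" if findings else "benign"
    return {"verdict": verdict, "findings": findings, "iocs": iocs}
```

The IOC dictionary (sender IP, sender domains, URLs) is what goes into the ticket and the block list; the findings list is the evidence trail behind the verdict. Reputation lookups on the IP and link host are the next step and are deliberately left out so the example runs offline.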
002 - Brute Force Login
Authentication log analysis, IP intelligence gathering, and conclusion documentation for brute force attacks.
High
Log Analysis
IP Intelligence
Attack Detection
Incident Response
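An added example of the log analysis step (written for this page, not code from the casefile): it parses constructed sshd-style authentication lines, counts failures per source IP inside a sliding window, lists the usernames tried, and, the check that decides the outcome of the ticket, reports any successful login from an IP that had just been failing. The log lines, the window and the thresholds are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style lines, not from a real host; source IPs are from the
# 203.0.113.0/24 and 198.51.100.0/24 documentation ranges.
SAMPLE_LOG = """\
Jan 10 08:00:01 web01 sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jan 10 08:00:03 web01 sshd[4103]: Failed password for root from 203.0.113.7 port 51124 ssh2
Jan 10 08:00:05 web01 sshd[4105]: Failed password for root from 203.0.113.7 port 51126 ssh2
Jan 10 08:00:07 web01 sshd[4107]: Failed password for deploy from 203.0.113.7 port 51128 ssh2
Jan 10 08:00:09 web01 sshd[4109]: Failed password for deploy from 203.0.113.7 port 51130 ssh2
Jan 10 08:00:11 web01 sshd[4111]: Accepted password for deploy from 203.0.113.7 port 51132 ssh2
Jan 10 08:15:00 web01 sshd[4201]: Failed password for alice from 198.51.100.20 port 40000 ssh2
Jan 10 08:20:00 web01 sshd[4203]: Accepted publickey for alice from 198.51.100.20 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_events(text, year=2024):
    """(timestamp, success, user, ip) tuples; syslog lines carry no year, so one is supplied."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"] == "Accepted", m["user"], m["ip"]))
    return events


def triage(events, window=timedelta(minutes=5), threshold=5):
    """Per-source-IP summary: largest failure burst and any success that followed failures."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[3]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if not e[1]]
        # largest number of failures that fit inside one sliding window
        max_burst, start = 0, 0
        for i in range(len(fails)):
            while fails[i][0] - fails[start][0] > window:
                start += 1
            max_burst = max(max_burst, i - start + 1)
        # a success preceded by several failures from the same IP turns a noisy
        # brute-force alert into a probable account compromise
        compromised = []
        for ts, success, user, _ in evs:
            if success:
                recent = [f for f in fails if f[0] <= ts and ts - f[0] <= window]
                if len(recent) >= 3:
                    compromised.append(user)
        findings[ip] = {
            "failures": len(fails),
            "max_burst": max_burst,
            "users_tried": sorted({e[2] for e in fails}),
            "brute_force": max_burst >= threshold,
            "success_after_failures": compromised,
        }
    return findings
```

In the constructed sample, 203.0.113.7 cycles through admin, root and deploy and then authenticates as deploy: that is the entry that escalates from "block the IP" to "reset deploy, review its sessions". The single alice failure followed by a key-based login from a different IP stays below every threshold and is documented as benign.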
003 - Malware/EDR Alert
Artifact review, scope determination, and escalation notes for malware detection alerts.
Critical
Malware Analysis
EDR Analysis
Containment
Escalation
004 - Impossible Travel
Identity event triage and recommendations for impossible travel detection scenarios.
Medium
Identity Analysis
Geolocation Analysis
Access Control
User Verification
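The geolocation arithmetic behind an impossible-travel alert, as an added example written for this page rather than taken from the casefile: for each user it orders the sign-ins, computes the great-circle distance between consecutive ones with the haversine formula, divides by the elapsed time, and raises an alert when the implied speed is beyond what a flight could achieve. The sign-in records, the coordinates, the 1000 km/h ceiling and the 200 km noise floor are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0

# Constructed sign-in events, not from a real identity provider; IPs are from the
# 198.51.100.0/24 and 203.0.113.0/24 documentation ranges, coordinates are city centroids.
SAMPLE_SIGNINS = [
    {"user": "j.doe", "time": "2024-01-10T08:00:00", "ip": "198.51.100.10",
     "lat": 51.5074, "lon": -0.1278, "city": "London"},
    {"user": "j.doe", "time": "2024-01-10T09:30:00", "ip": "203.0.113.50",
     "lat": 40.7128, "lon": -74.0060, "city": "New York"},
    {"user": "a.lee", "time": "2024-01-10T08:00:00", "ip": "198.51.100.11",
     "lat": 48.8566, "lon": 2.3522, "city": "Paris"},
    {"user": "a.lee", "time": "2024-01-10T14:00:00", "ip": "198.51.100.12",
     "lat": 51.5074, "lon": -0.1278, "city": "London"},
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def impossible_travel(events, max_kmh=1000.0, min_distance_km=200.0):
    """Flag consecutive sign-ins per user whose implied speed exceeds max_kmh.

    Pairs closer than min_distance_km are ignored: geo-IP places a user anywhere
    within a metro area, so short hops are noise rather than evidence.
    """
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev["user"]].append(ev)

    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["time"])  # ISO-8601 strings sort chronologically
        for prev, cur in zip(evs, evs[1:]):
            distance = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if distance < min_distance_km:
                continue
            t0 = datetime.fromisoformat(prev["time"])
            t1 = datetime.fromisoformat(cur["time"])
            hours = (t1 - t0).total_seconds() / 3600
            speed = distance / hours if hours > 0 else float("inf")  # same second: unreachable
            if speed > max_kmh:
                alerts.append({
                    "user": user,
                    "from": f'{prev["city"]} ({prev["ip"]})',
                    "to": f'{cur["city"]} ({cur["ip"]})',
                    "distance_km": round(distance),
                    "hours": round(hours, 2),
                    "speed_kmh": round(speed),
                })
    return alerts
```

London to New York in ninety minutes implies roughly 3700 km/h and is alerted; Paris to London over six hours is an ordinary train journey and is not. The alert record keeps both IPs so the next step, checking whether either is a corporate VPN egress or a cloud provider range before contacting the user, can be done without re-running the query.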
005 - Splunk Failed Login Triage ⭐
Splunk log analysis of failed login attempts, using evidence from the Log Analysis project.
High
Splunk
SPL Queries
Log Analysis
Dashboard Analysis
Response Playbooks
Phishing Response Playbook
Step-by-step procedures for investigating and responding to phishing incidents.
Brute Force Response Playbook
Detection, analysis, and response procedures for brute force attacks.
Malware Containment Playbook
Containment, eradication, and recovery procedures for malware infections.
Impossible Travel Playbook
Response procedures for impossible travel detection and identity verification.