Description:

As a Security Operations Center $($SOC$)$ analyst, you're responsible for responding to

security incidents effectively to minimize risks and protect the organization's assets. This

assignment simulates a basic incident response scenario to evaluate your analytical skills

and understanding of SOC operations.

Task:

You are provided with a simplified incident scenario below. Your task is to analyze the given

information, identify potential indicators of compromise $($IOCs$),$ and propose a basic

response plan outlining the steps you would take to address the incident.

Mock Incident Scenario:

Your organization's monitoring system has flagged suspicious activity originating from a

workstation $($IP: $192\mathrm{.}168\mathrm{.}1\mathrm{.}100)$ in the Finance department. Upon investigation, you find the

following:

Unusual outbound network traffic from the workstation to an unfamiliar external

IP address $(95\mathrm{.}211\mathrm{.}7\mathrm{.}148)$ on port $80.$

Detection of PowerShell instances with encoded commands running on the

workstation.

Multiple failed login attempts to critical financial systems from the same

workstation.

Unauthorized access to sensitive files on a shared network drive, showing recent

modifications.

Deliverables:

Identify potential IOCs based on the provided information.

Provide a brief summary of your findings.

Outline basic steps to contain, investigate, and remediate the incident.

Include tasks such as isolating the affected workstation, collecting relevant data,

and reporting the incident to the appropriate teams.

Submission Guidelines:

Submit your response in a document format $($e$.$g$.,$ PDF$).$

Clearly label each section of your analysis and response plan.

Ensure clarity and coherence in your explanations.

You have $48$ hours to complete the assignment from the time of receipt.