Phantom SOC

Forensics 200 pts standard
Challenge Description

An intrusion occurred while the SOC dashboard stayed green. The attacker is suspected of tampering with detection content and API keys in the SIEM stack.

Files
↓ decoy_admin_actions.csv ↓ detection_changes.json ↓ elastic_audit.log ↓ host_timeline.txt ↓ mixed_case_telemetry.log ↓ noise.log ↓ noise_expanded.log ↓ siem_alert_export.csv
Submit Flag

Login to submit a flag.

← All Challenges