A SOC analyst received an alert about a potential compromise and is reviewing the following SIEM logs:
Which of the following is the most appropriate action for the SOC analyst to recommend?
The SIEM logs indicate suspicious behavior that could be a sign of a compromise, such as the launching of cmd.exe after Outlook.exe, which is atypical user behavior and could indicate that a machine has been compromised to perform lateral movement within the network. Isolating laptop314 from the network would contain the threat and prevent any potential spread to other systems while further investigation takes place.
Nina
6 months agoBambi
6 months agoJosphine
6 months agoCarma
6 months agoEdelmira
7 months agoNobuko
7 months agoIsaiah
7 months agoGianna
7 months agoBok
8 months agoXochitl
8 months agoArmando
8 months agoSanjuana
8 months agoVallie
8 months agoKanisha
8 months agoIzetta
8 months agoMelita
8 months agoGrover
8 months agoRaina
8 months agoHobert
6 months agoRonald
7 months agoChau
7 months agoFallon
8 months agoChaya
8 months agoBea
8 months agoRosendo
8 months ago