CTF 2 - Classify an incident - RDP Brute force

Classify an RDP Brute Force Incident - Run this playbook and follow the questions.

Capture The Flag - 02 · 23 tasks · 0 inputs · 0 outputs

Flowchart

Start Start Find the XDR RDP Brute Force incident Find the XDR RDP Brute Fo... Check your answer #6 - CTF_2_BF Check your answer #6 CTF_2_BF No More Questions No More Questions Nicely done! Let's do this! Nicely done! Let's do this! Are any errors in the playbook? Are any errors in the pla... Check your answer #1 - CTF_2_BF Check your answer #1 CTF_2_BF Analyze the Incident Indicators Analyze the Incident Indi... Check your answer #2 - CTF_2_BF Check your answer #2 CTF_2_BF Check your answer #3 - CTF_2_BF Check your answer #3 CTF_2_BF Check if the indicator is associated with a campaign Check if the indicator is... Check your answer #4 - CTF_2_BF Check your answer #4 CTF_2_BF Campaign and report Campaign and report TIM and Auto-extract TIM and Auto-extract Related Incidents Related Incidents Classify this incident! Classify this incident! Post classification actions Post classification actions Investigate the incident Investigate the incident Check your answer #5 - CTF_2_BF Check your answer #5 CTF_2_BF Done Done Check the tag associated with the malicious indicator Check the tag associated ... Check your answer #7 - CTF_2_BF Check your answer #7 CTF_2_BF Delete Context - DeleteContext Delete Context DeleteContext