(Writeup) LetsDefend EventID: 28 - [SOC105 - Requested T.I. URL address]
Investigating a threat intelligence alert tied to a known malicious URL, validating indicators across external and internal TI sources, correlating proxy and endpoint logs, and determining the activity was part of an authorized internal firewall test.