(Writeup) LetsDefend EventID: 120 - [SOC170 - Passwd Found in Requested URL - Possible LFI Attack]
Investigating a suspected local file inclusion alert after a directory traversal attempt targeted /etc/passwd, reviewing SIEM HTTP logs, and confirming the attack failed based on a 500 server response with no returned content.