
(Writeup) LetsDefend EventID: 52 - [SOC120 - Phishing Mail Detected - Internal to Internal]

Welcome!

  • LetsDefend is a Blue Team Training platform.
  • This writeup is for an alert on the LetsDefend simulated SOC.

The Alert:

Internal email, huh. Let’s copy the alert details into our notes, get the case & playbook started!

Playbook:

Investigating the Email:

Alright, let’s check the email out.

Filtering for [email protected] gives us a single email to investigate.

Uh… basic message asking for a meeting today. No attachment. No phishing. False positive.

Yeah, we already know all of this: it's in the alert details and confirmed by what we just investigated.

Are there any URLs or attachments? No.
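The checks above (both addresses on the internal domain, no attachment, no URL in the body) can be scripted against a raw message. This is an added example, not part of the original writeup; the internal domain and the sample email are constructed placeholders.

```python
"""Triage helper for an internal-to-internal phishing alert (added example).
Assumption: 'example-internal.test' stands in for the real internal domain."""
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example-internal.test"  # placeholder, not the real domain
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample modelled on the alert: internal sender and recipient,
# plain-text body asking for a meeting, no link and no attachment.
SAMPLE_EML = """From: Alice <alice@example-internal.test>
To: Bob <bob@example-internal.test>
Subject: Meeting today?
Content-Type: text/plain; charset=utf-8

Hi Bob, do you have time for a quick meeting today at 3pm?
"""


def triage(raw: str) -> dict:
    """Return sender/recipient, attachment names, body URLs and a verdict."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    internal = all(a.endswith("@" + INTERNAL_DOMAIN) for a in (sender, recipient))
    attachments, urls = [], set()
    for part in msg.walk():  # single-part messages yield themselves
        if part.get_content_maintype() == "multipart":
            continue
        if part.get_filename() or part.get_content_disposition() == "attachment":
            attachments.append(part.get_filename() or "<unnamed>")
            continue
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True) or b""
            text = payload.decode(part.get_content_charset() or "utf-8", "replace")
            urls.update(URL_RE.findall(text))
    flags = []  # anything here means the analyst should keep digging
    if not internal:
        flags.append("external party")
    if attachments:
        flags.append("attachment present")
    if urls:
        flags.append("URL in body")
    return {"sender": sender, "recipient": recipient, "internal": internal,
            "attachments": attachments, "urls": sorted(urls), "flags": flags,
            "verdict": "escalate" if flags else "false positive"}


if __name__ == "__main__":
    print(triage(SAMPLE_EML))
```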

Cleaning Up:

Analyst Note: “False Positive on internal email between [email protected] and [email protected], no attachments, simple message.”

Finish playbook!

Alert note: “False Positive. Internal email between coworkers. No attachment or phishing intent in the email body.”

Results:

Hope this helps!

Reed Eggleston
B.S. in Cybersecurity | SSCP | CySA+ | PenTest+ | Project+