This document is based on web application attacks. Assuming the role of a SOC analyst in the data center at Night dragon, it is “all systems go” and “green light” status throughout the network. Then suddenly, an alert of some sort indicating a vulnerability scan is taking place (you pick which type). The website below may be of assistance.
Considering this, please respond to the following questions:
• What is the alert that is coming in and from what device(s), tool(s), or software? What is it indicating?
• How should you proceed to determine if the alert is real or a false alarm?
• What tool(s) are used in the process?
• What framework(s) are used in the process?
• What data is collected during the initial stages and where are they being recorded?
https://www.darkreading.com/attacks-breaches/-night-dragon-attacks-threaten-major-energy-firms