Defensive Security: Incident Response Fundamentals (TryHackMe)

In this article, I will write a write-up for Incident Response Fundamentals that covers Introduction to Incident Response, What are Incidents, Types of Incidents, Incident Response Process, Incident Response Techniques, and Lab Work Incident Response.

1. What is triggered after an event or group of events point at a harmful activity? Alert

2. If a security solution correctly identifies a harmful activity from a set of events, what type of alert is it? true positive

3. If a fire alarm is triggered by smoke after cooking, is it a true positive or a false positive? false positive

4. A user's system got compromised after downloading a file attachment from an email. What type of incident is this? malware infection

5. What type of incident aims to disrupt the availability of an application? Denial of service

6. The Security team disables a machine's internet connection after an incident. Which phase of the SANS IR lifecycle is followed here? containment

7. Which phase of NIST corresponds with the lessons learned phase of the SANS IR lifecycle? Post Incident Activity

8. Step-by-step comprehensive guidelines for incident response are known as? Playbooks

   You will perform a complete incident response after a phishing email hits multiple hosts in a network. You have to follow the steps given in the site and answer the questions below:

9. What was the name of the malicious email sender? Jeff Johnson

   

10. What was the threat vector? Email Attachment

11. How many devices downloaded the email attachment? 3

    

12. How many devices executed the file? 1

13. What is the flag found at the end of the exercise? THM{My_First_Incident_Response}

    

Thank you for reading my article. Please leave any questions or comments on improving my learning journey and the THM challenges. We can also connect more on LinkedIn or X.