Task Title: Investigation of Suspicious Login Attempts
Objective:
As a SOC Analyst trainee, you are required to investigate suspicious login activity detected on an internal server. The goal is to identify potential security threats, mitigate the risk, and provide actionable recommendations to prevent future attacks.
Scenario:
A series of failed login attempts was detected from an external IP address (185.143.223.10) targeting an internal server (192.168.1.10). The volume and repetition of these attempts suggest a potential brute force attack.
Tasks:
Analyze the failed login events and determine the type of attack.
Review firewall and server login logs to trace the source and pattern of the attack.
Apply immediate mitigation steps, such as blocking the malicious IP address and enabling account lockout policies.
Document your findings in a structured incident report, including:
Event summary
Analysis of attack patterns
Investigation steps taken
Conclusion and mitigation outcome
Provide recommendations to improve security, such as enabling multi-factor authentication and monitoring login attempts.
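As an added illustration of the log analysis in the first two tasks (example code, not part of the task material), the script below parses sshd-style login log lines and flags any source IP that produces at least a threshold number of failed logins within a sliding time window. The log lines, the user names, the port numbers and the internal host 192.168.1.25 are constructed for this example; the attacker address is the one from the scenario.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of server login log lines (not real captured data).
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[2201]: Failed password for invalid user admin from 185.143.223.10 port 51022 ssh2
2024-05-01T10:00:03 sshd[2201]: Failed password for root from 185.143.223.10 port 51023 ssh2
2024-05-01T10:00:04 sshd[2201]: Failed password for root from 185.143.223.10 port 51024 ssh2
2024-05-01T10:00:06 sshd[2201]: Failed password for invalid user test from 185.143.223.10 port 51025 ssh2
2024-05-01T10:00:07 sshd[2201]: Failed password for root from 185.143.223.10 port 51026 ssh2
2024-05-01T10:05:00 sshd[2210]: Failed password for alice from 192.168.1.25 port 40011 ssh2
2024-05-01T10:05:20 sshd[2211]: Accepted password for alice from 192.168.1.25 port 40012 ssh2
"""

# Matches only failed logins; "invalid user" appears when the account does not exist.
FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def parse_failures(log_text):
    # Return (timestamp, user, source_ip) for every failed login line.
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["user"], m["ip"]))
    return events

def detect_brute_force(log_text, threshold=5, window_seconds=60):
    """Map each source IP to (total failures, targeted users) when it produced
    at least `threshold` failures inside any span of `window_seconds`."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failures(log_text):
        by_ip[ip].append((ts, user))
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Advance `start` so evs[start..end] spans at most window_seconds.
            while (evs[end][0] - evs[start][0]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                findings[ip] = (len(evs), sorted({u for _, u in evs}))
                break
    return findings

if __name__ == "__main__":
    for ip, (count, users) in detect_brute_force(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed logins, accounts tried: {users}")
```

The flagged address and the list of accounts it tried feed directly into the "analysis of attack patterns" section of the incident report; the single failure from 192.168.1.25 followed by a success is the ordinary user error the threshold is meant to leave alone.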
Learning Outcome:
Upon completion, trainees will gain hands-on experience in:
Detecting and analyzing brute force attacks
Investigating server and network logs
Implementing immediate security measures
Preparing professional incident reports with actionable recommendations