CyberPath Sim

Blue Team Room

SOC Log Triage

You are the analyst on shift. Review the alert evidence, investigate the login pattern, identify the suspicious IP, and choose the best immediate action.

Back to Dashboard

Terminal

Evidence Console

Try: help, alerts, auth --failures, ip 203.0.113.50, user j.smith
analyst@cyberpath:~$

Objectives

Room tasks

  1. View the alert summary.
  2. Inspect the failed login pattern.
  3. Investigate the suspicious IP.
  4. Review the user context.
  5. Choose the correct containment action.