Forum Discussion

Bronze II

9 months ago

Solved

Threat Research: Cobalt Strike C2 – SIEM Analysis - Question 4

Hello, I'm trying to solve Question 4 of the "Threat Research: Cobalt Strike C2 – SIEM Analysis" lab, I've solved every other question EXCEPT that one. "What's the earliest @timestamp for the retu...

help & support

ColeS
9 months ago
Hey folks, I consulted with a colleague who finished the lab and got the answer with their advice. Format of the answer is HH.MM.SS (periods instead of colons), and they used event.created field instead of @timestamp. Also gotta check timezones ;)

The wording of the question is a bit misleading here, may want to address that?

ChrisKershaw

Community Support

9 months ago

Hey ColeS & z00peckteaball

I think I can help here!

Once you've entered the required query from Task 3 into the search bar in Elastic, make sure to change the 'event.created' field in the results to 'Sort Old-New'. The first result, when it refreshes, should give you the answer you need to complete Task 4 👍🏻.

I hope this helps you both 😊

Forum Discussion

Threat Research: Cobalt Strike C2 – SIEM Analysis - Question 4

Featured Places

Help & Support Forum

Related Content

Practical Malware Analysis: Static Analysis question 18

Practical Malware Analysis: Static Analysis question 19

Threat Research: Dependency Confusion Q8

How to Answer a Question

How to Ask a Question

Recent Discussions

A Letter to Santa

Hack Your First Web App: Ep.6 - Hydra

GuardDuty: Demonstrate Your Skills

Infrastructure Hacking: Responder Network Poisoning

copy-paste-compromise-malicious-documents-analysis