Forum Discussion
Threat Research: Cobalt Strike C2 – SIEM Analysis - Question 4
- 9 months ago
Hey folks, I consulted with a colleague who finished the lab and got the answer with their advice. Format of the answer is HH.MM.SS (periods instead of colons), and they used event.created field instead of @timestamp. Also gotta check timezones ;)
The wording of the question is a bit misleading here, may want to address that?
Hey folks, I consulted with a colleague who finished the lab and got the answer with their advice. Format of the answer is HH.MM.SS (periods instead of colons), and they used event.created field instead of @timestamp. Also gotta check timezones ;)
The wording of the question is a bit misleading here, may want to address that?
Hi ColeS,
Thank you for sending your feedback! We have updated the task to ask for the event, created just as you pointed out! I have also chatted with the QA teams to ensure we are triple-checking for this type of error! I hope you enjoyed the lab, though :)
- ColeS9 months ago
Bronze II
Was fun, thank you!