Forum Discussion

Bronze II

2 years ago

Solved

Threat Research: Cobalt Strike C2 – SIEM Analysis - Question 4

Hello, I'm trying to solve Question 4 of the "Threat Research: Cobalt Strike C2 – SIEM Analysis" lab, I've solved every other question EXCEPT that one. "What's the earliest @timestamp for the retu...

help & support

ColeS
2 years ago
Hey folks, I consulted with a colleague who finished the lab and got the answer with their advice. Format of the answer is HH.MM.SS (periods instead of colons), and they used event.created field instead of @timestamp. Also gotta check timezones ;)

The wording of the question is a bit misleading here, may want to address that?

ColeS

Bronze II

2 years ago

Hey folks, I consulted with a colleague who finished the lab and got the answer with their advice. Format of the answer is HH.MM.SS (periods instead of colons), and they used event.created field instead of @timestamp. Also gotta check timezones ;)

The wording of the question is a bit misleading here, may want to address that?

BenMcCarthy

Immerser

2 years ago

Hi ColeS,

Thank you for sending your feedback! We have updated the task to ask for the event, created just as you pointed out! I have also chatted with the QA teams to ensure we are triple-checking for this type of error! I hope you enjoyed the lab, though :)

ColeS
Bronze II
2 years ago
Was fun, thank you!

Forum Discussion

Threat Research: Cobalt Strike C2 – SIEM Analysis - Question 4

Featured Places

Help & Support Forum

Related Content

Threat Research: AMPscript Analysis

Practical Malware Analysis: Static Analysis question 18

Practical Malware Analysis: Static Analysis question 19

Threat Research: Dependency Confusion Lab

DDOS Analysis: UDP Flood (Question 8)

Recent Discussions

Kusto Query Language: Ep.7 – String Processing Q10

Cyber Kill Chain: Demonstrate Your Skills

Radare2 Reverse Engineering: Ep.2 – Windows Binary Part 2

Introduction to Metasploit: Ep.3 – Discovery

Trick or Treat on Specter Street: Morphy’s Mansion