Forum Discussion

Bronze II

10 months ago

Solved

Threat Research: Cobalt Strike C2 – SIEM Analysis - Question 4

Hello, I'm trying to solve Question 4 of the "Threat Research: Cobalt Strike C2 – SIEM Analysis" lab, I've solved every other question EXCEPT that one. "What's the earliest @timestamp for the retu...

help & support

ColeS
10 months ago
Hey folks, I consulted with a colleague who finished the lab and got the answer with their advice. Format of the answer is HH.MM.SS (periods instead of colons), and they used event.created field instead of @timestamp. Also gotta check timezones ;)

The wording of the question is a bit misleading here, may want to address that?

BenMcCarthy

Immerser

10 months ago

Hi ColeS,

Thank you for sending your feedback! We have updated the task to ask for the event, created just as you pointed out! I have also chatted with the QA teams to ensure we are triple-checking for this type of error! I hope you enjoyed the lab, though :)

ColeS

Bronze II

10 months ago

Was fun, thank you!

Forum Discussion

Threat Research: Cobalt Strike C2 – SIEM Analysis - Question 4

Featured Places

Help & Support Forum

Related Content

Practical Malware Analysis: Static Analysis question 18

Practical Malware Analysis: Static Analysis question 19

Threat Research: Dependency Confusion Q8

How to Answer a Question

How to Ask a Question

Recent Discussions

Incident Response: P2 - stuck on Q11

Python: Expert Challenge 3

Haunted Hollow 2023: Haywire Host

CVE-2024-0012 and CVE-2024-9474 (Palo Alto PAN-OS) – Offensive Question

Kusto Query Language: Ep.9 – Parsing Complex Data Types.