ColeS
2 months agoBronze II
Threat Research: Cobalt Strike C2 – SIEM Analysis - Question 4
Hello, I'm trying to solve Question 4 of the "Threat Research: Cobalt Strike C2 – SIEM Analysis" lab, I've solved every other question EXCEPT that one. "What's the earliest @timestamp for the retu...
- 2 months ago
Hey folks, I consulted with a colleague who finished the lab and got the answer with their advice. Format of the answer is HH.MM.SS (periods instead of colons), and they used event.created field instead of @timestamp. Also gotta check timezones ;)
The wording of the question is a bit misleading here, may want to address that?