Bridging the Gap: Understanding Cybersecurity From Books and Living Through Attacks


From Theoretical Knowledge to Operational Incident Response


Incident Timeline: 14:30, October 12
Trigger: CrowdStrike Falcon Alert - Suspicious Process Execution
Asset: Finance-DB-03 (SQL Server, Tier-1 Data)
Action: Initiate IR Playbook #4 - Data Exfiltration Response

Stage 1: Initial Detection & Triage

14:32 - Alert Review
Falcon Alert ID: #CS-8832
Process: C:\Windows\Temp\sqlclient.exe
Parent Process: sqlservr.exe
Hash: a1b2c3d4e5... (Unknown Reputation)

Containment Decision Matrix:

  • Option A: Immediate host isolation
    Risk: Disrupts active financial transactions
  • Option B: Investigate first, contain after confirmation
    Risk: Potential data exfiltration continues

Decision: Proceed with a controlled investigation using:

  # Block unknown outbound connections without disrupting service
  Get-NetFirewallRule -DisplayName "TempBlock" | Remove-NetFirewallRule ...
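The Option B containment above, worked through as an added example (not the original post's command): preserve evidence first, then block outbound traffic for the suspicious binary only, so sqlservr.exe and the financial workload keep running. It assumes the binary path from the alert and is run elevated on the host; the rule name and evidence folder are hypothetical.

```powershell
# Added example for the Finance-DB-03 scenario; not code from the original post.
# Assumes the suspect path from the Falcon alert and an elevated session on the host.
$Suspect  = 'C:\Windows\Temp\sqlclient.exe'
$RuleName = 'IR-TempBlock-sqlclient'   # hypothetical rule name
$Evidence = 'C:\IR\CS-8832'            # hypothetical evidence folder
New-Item -ItemType Directory -Path $Evidence -Force | Out-Null

# 1. Preserve evidence before changing anything: file hash and live connections.
Get-FileHash -Path $Suspect -Algorithm SHA256 |
    Export-Csv -Path "$Evidence\hash.csv" -NoTypeInformation
$procs = Get-Process | Where-Object { $_.Path -eq $Suspect }
if ($procs) {
    Get-NetTCPConnection -OwningProcess $procs.Id -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess |
        Export-Csv -Path "$Evidence\connections.csv" -NoTypeInformation
}

# 2. Scoped containment: block outbound traffic from this one program only.
#    The SQL Server service and its transactions are unaffected.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Program $Suspect `
        -Action Block -Profile Any -Enabled True `
        -Description 'IR containment for Falcon alert CS-8832' | Out-Null
}

# 3. Verify the rule is enabled and bound to the expected program path.
$rule = Get-NetFirewallRule -DisplayName $RuleName
$app  = $rule | Get-NetFirewallApplicationFilter
'{0}: Enabled={1} Action={2} Program={3}' -f $rule.DisplayName, $rule.Enabled, $rule.Action, $app.Program

# 4. When the investigation closes, remove the temporary rule (this is the
#    cleanup step the post's truncated command performs).
# Remove-NetFirewallRule -DisplayName $RuleName
```

Blocking by program path rather than by remote address keeps the rule narrow and leaves a clean audit trail of what was changed and why.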
