Here you can watch SOC257 Investigation | VPN Login from Unauthorized Country (True Positive) | LetsDefend SOC for free or download it in the best available quality; the video was uploaded to YouTube.
In this video, we investigate SOC257 – VPN Connection Detected from Unauthorized Country (EventID 225) on the LetsDefend platform. This alert involves multiple VPN login attempts targeting a corporate user account from an external IP located in Hanoi, Vietnam, triggering geographic anomaly detection. Although no successful authentication occurred, the activity was confirmed as a True Positive due to repeated login attempts and MFA abuse indicators.

🔍 Investigation Summary
External IP: 113.161.158.12
Target account: monica@letsdefend.io
VPN portal accessed over HTTPS (443)
Three OTP (MFA) emails generated
All login attempts returned "Incorrect OTP Code"
No successful VPN session established

🧠 MITRE ATT&CK Techniques
T1078 – Valid Accounts
T1621 – Multi-Factor Authentication Request Generation
This suggests a likely credential stuffing or password guessing attempt using previously obtained credentials.

🚨 Key SOC Considerations
Does the device need isolation?
Is sensitive data at risk?
Has a critical system been affected?
Is the IP internal or external?
What is the IP reputation?
Is this a True Positive or False Positive?

✅ Final Outcome
Verdict: True Positive
No successful authentication observed
Account not compromised based on logs
Recommended password reset and monitoring
Optional IP block per policy

🎯 What You'll Learn
How SOC analysts investigate VPN brute-force attempts
Identifying MFA abuse patterns
Differentiating a failed compromise from a confirmed breach
Mapping authentication attacks to MITRE ATT&CK
Writing clear, structured analyst notes

📌 Alert Details
Rule: SOC257 – VPN Connection Detected from Unauthorized Country
Severity: Low
EventID: 225
Category: Unauthorized Access

🔐 Disclaimer
For educational and defensive security purposes only.

📁 My SOC Investigation Portfolio: https://inksec.io
🔗 LinkedIn: / tate-pannam-8b64b23a3
Currently building toward SOC Analyst L1 role in Melbourne.
100+ documented investigations | CDSA Certified | BTL1 in progress

#SOC #LetsDefend #SOC257 #VPNAttack #MFA #CredentialStuffing #ValidAccounts #MITREATTACK #SOCAnalyst #BlueTeam #IncidentResponse #CyberSecurity #SIEM
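One way to turn the investigation summary above into repeatable triage logic, as an added example that is not code from the video or from LetsDefend: the log format, the country allowlist and the block threshold are assumptions, and the sample log lines are constructed to mirror the case (three OTP emails, every OTP rejected, no session opened).

```python
"""Triage of a SOC257-style alert: VPN/MFA activity from an unauthorized country.
Added example, not LetsDefend's code; the log format, allowlist and thresholds are
assumptions, and the sample lines are constructed to mirror the video's case."""
from collections import defaultdict

ALLOWED_COUNTRIES = {"AU", "US"}  # assumed policy: where VPN logins are expected
BLOCK_THRESHOLD = 3               # assumed: OTP prompts that justify an IP block

# Constructed sample log, fields: timestamp|src_ip|country|user|event|result
SAMPLE_LOG = """\
2024-05-01T03:11:10Z|113.161.158.12|VN|monica@letsdefend.io|otp_email_sent|ok
2024-05-01T03:11:40Z|113.161.158.12|VN|monica@letsdefend.io|otp_verify|incorrect_otp
2024-05-01T03:12:05Z|113.161.158.12|VN|monica@letsdefend.io|otp_email_sent|ok
2024-05-01T03:12:31Z|113.161.158.12|VN|monica@letsdefend.io|otp_verify|incorrect_otp
2024-05-01T03:13:02Z|113.161.158.12|VN|monica@letsdefend.io|otp_email_sent|ok
2024-05-01T03:13:29Z|113.161.158.12|VN|monica@letsdefend.io|otp_verify|incorrect_otp
2024-05-01T03:15:00Z|203.0.113.7|AU|alice@letsdefend.io|otp_email_sent|ok
2024-05-01T03:15:20Z|203.0.113.7|AU|alice@letsdefend.io|otp_verify|ok
2024-05-01T03:15:21Z|203.0.113.7|AU|alice@letsdefend.io|vpn_session_open|ok
"""

def parse(log_text):
    """Split the pipe-delimited lines into event dicts."""
    keys = ("ts", "src_ip", "country", "user", "event", "result")
    return [dict(zip(keys, line.split("|"))) for line in log_text.strip().splitlines()]

def triage(events, allowed=ALLOWED_COUNTRIES):
    """Aggregate per (user, src_ip) and report pairs seen from a non-allowlisted country."""
    stats = defaultdict(lambda: {"country": None, "otp_emails": 0, "otp_failures": 0, "sessions": 0})
    for e in events:
        s = stats[(e["user"], e["src_ip"])]
        s["country"] = e["country"]
        if e["event"] == "otp_email_sent":
            s["otp_emails"] += 1
        elif e["event"] == "otp_verify" and e["result"] != "ok":
            s["otp_failures"] += 1
        elif e["event"] == "vpn_session_open":
            s["sessions"] += 1
    findings = {}
    for key, s in stats.items():
        if s["country"] in allowed:
            continue  # expected geography, outside this rule's scope
        # Repeated OTP prompts from an unauthorized country map to T1078/T1621: True Positive even with no session
        actions = ["reset_password", "monitor_account"]
        if s["otp_emails"] >= BLOCK_THRESHOLD:
            actions.append("block_ip")  # optional per policy
        findings[key] = {**s, "verdict": "true_positive",
                         "compromised": s["sessions"] > 0, "actions": actions}
    return findings
```

Calling `triage(parse(SAMPLE_LOG))` flags only the monica/113.161.158.12 pair, with three OTP emails, three failures and zero sessions, so the verdict is True Positive while `compromised` stays False.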