This is good information. it does leave out one critical part in the beginning: whether the employee took action on the email. If the employee simply opened the email, and realized it was spam/phishing/etc, they could simply just report it, mark it as spam/phishing, allow a cyber review of the email, and then delete once in the clear. If they do take action shes giving good steps to take.
Finally started, Thanks for starting this session, It will help alot, please include Real time SIEM Scenario questions & answer with use cases, Thanks in Advance & Have a great year ahead 🙂
Hi Mam, Can you make videos on below mentioned Topic, as in whole youtube No one has done till now, So i request to please make "How to create use cases & How to Develop use cases with correlation Rules for All SIEM" Thanks in Advance Have a Great year ahead.
Hello madam, this video is really awesome. I have a question. If email is opened then it is fine. If user has accessed any attachment or links then it should be necessary to isolate. Pls confirm
Ma'am, If the user has not opened/accessed any contents of the email in the first question. Is it still necessary to perform the device isolation, disabling the user from AD.?
Hi, Priya, the user is the one who is reporting the email (so they have at least opened the email) and the analyst is sure is a malicious one in this scenario. So, the immediate action is isolation. But if the user has not opened the email at all, you don't have to consider this.
Hi Ma'am, I have googled this. "If you open an email from a scammer without interacting with it, it won’t infect your machine, but the scammer will be able to gather data to use for targeted cyber attacks. For example, the scammer may be able to gather your IP address, the Operating System (OS) that you use and your location"
Thank you. I am not an IT specialist, and all this is fascinating. I have a question. If that employee (who actually paid attention to the IT security training) had not opened that suspicious email, do you need to take all those steps that are hugely disruptive? Can you not contain the suspicious email and analyse it? I think it is more likely that you need to worry about the others in the organisation because the phishing attack might have been deployed at a larger scale and not all employees are as careful as the one who reported it. What would you do? Scan all network for that (and similar) email, isolate it, see on what devices it was open and quarantine those? PS- I love your Eastern European accent (is it Romanian? Hungarian?). Many thanks.
This is good information. it does leave out one critical part in the beginning: whether the employee took action on the email. If the employee simply opened the email, and realized it was spam/phishing/etc, they could simply just report it, mark it as spam/phishing, allow a cyber review of the email, and then delete once in the clear. If they do take action shes giving good steps to take.
i was thinking this in an interview you have to ask what actions where taken
Finally started, Thanks for starting this session, It will help alot, please include Real time SIEM Scenario questions & answer with use cases, Thanks in Advance & Have a great year ahead 🙂
Thanks for your help ❤
You're welcome 😊
Love it🎉🎉🎉🎉. I learned a lot how to approach the suspicious email
Hi Mam,
Can you make videos on below mentioned Topic, as in whole youtube No one has done till now,
So i request to please make
"How to create use cases & How to Develop use cases with correlation Rules for All SIEM"
Thanks in Advance Have a Great year ahead.
Thanks alot , keep educating us❤
How to start career as SOC what are the basic tools and knowledge to have while appearing for SOC Analyst
Thanks . Very informative videos
Glad it helped!
Excellent session and very informative
thank you help a lot of information sharing.
Glad it was helpful!
Very informative
Informative video
Do you guys offer classes?
thankyou for this, have an interview tomorrow.
How did it go. ?
Hello madam, this video is really awesome. I have a question. If email is opened then it is fine. If user has accessed any attachment or links then it should be necessary to isolate. Pls confirm
These questions are relevant for which level..? L1 , L2 or L3.....
All positions mainly L1 and some l2
Ma'am, If the user has not opened/accessed any contents of the email in the first question. Is it still necessary to perform the device isolation, disabling the user from AD.?
Hi, Priya, the user is the one who is reporting the email (so they have at least opened the email) and the analyst is sure is a malicious one in this scenario. So, the immediate action is isolation. But if the user has not opened the email at all, you don't have to consider this.
Opening email and opening attachments... Any different process for these two scenarios??
Hi Ma'am, I have googled this. "If you open an email from a scammer without interacting with it, it won’t infect your machine, but the scammer will be able to gather data to use for targeted cyber attacks. For example, the scammer may be able to gather your IP address, the Operating System (OS) that you use and your location"
Can we get pdf of these questions?
can I get the introduction for secuirty anaylst
Its just like reading the text from chatgpt or google resources
Thank you. I am not an IT specialist, and all this is fascinating.
I have a question. If that employee (who actually paid attention to the IT security training) had not opened that suspicious email, do you need to take all those steps that are hugely disruptive? Can you not contain the suspicious email and analyse it?
I think it is more likely that you need to worry about the others in the organisation because the phishing attack might have been deployed at a larger scale and not all employees are as careful as the one who reported it. What would you do? Scan all network for that (and similar) email, isolate it, see on what devices it was open and quarantine those?
PS- I love your Eastern European accent (is it Romanian? Hungarian?).
Many thanks.
Very informative