
Maintaining Access

This document is based on web application attacks. Assume the role of a SOC analyst in the data center at Night Dragon: it is “all systems go” and “green light” status throughout the network. Then suddenly, an alert of some sort comes in, indicating that a vulnerability scan is taking place (you pick which type). The website below may be of assistance. Considering this, please respond to the following questions:

• What is the alert that is coming in, and from what device(s), tool(s), or software? What is it indicating?
• How should you proceed to determine if the alert is real or a false alarm?
• What tool(s) are used in the process?
• What framework(s) are used in the process?
• What data is collected during the initial stages, and where is it being recorded?

https://www.darkreading.com/attacks-breaches/-night-dragon-attacks-threaten-major-energy-firms
