Episode 2 of 5
Tuesday, 10:15 AM. A Finance analyst reports a suspicious invoice. Tess calls it a 'teaching moment.' Then Eli checks his feeds.
This episode focuses on the investigation skills below. Sign up to work the live case — no spoilers, answers, or IOCs are shown here.
Inspect phishing emails, headers, and indicators the way a SOC email specialist would.
Cross-check IOCs and campaign context to decide what is noise and what is real.
Correlate SIEM events into a timeline and follow the attack across systems.
Follow one incident from first alert to containment across five episodes.