doliver
1st place
1811 points
Awards
| Award | Category | Description | Value |
| --- | --- | --- | --- |
| Hint 134 | hints | Hint for You have a delivery | -5 |
| Hint 163 | hints | Hint for Case in point | -1 |
| Hint 253 | hints | Hint for 37 - Threat Detection Incident Response: Threat Center XI | -5 |
Solves
| Challenge | Category | Value | Time |
| --- | --- | --- | --- |
| Where did it go? | 3: Search - Advanced | 30 | |
| An account was successfully logged on 1 | 3: Search - Advanced | 30 | |
| Security Alerts | 3: Search - Advanced | 30 | |
| Query it REAL good | 3: Search - Advanced | 30 | |
| 38 - Threat Detection Incident Response: Threat Center XII | 0: New-Scale 101, Compromised Insider, Malicious Insider | 7 | |
| 37 - Threat Detection Incident Response: Threat Center XI | 0: New-Scale 101, Compromised Insider, Malicious Insider | 20 | |
| Ghostbusters 2 | 3.5: Investigation 101 - Using Search | 45 | |
| Ghostbusters | 3.5: Investigation 101 - Using Search | 45 | |
| Here I am | 3.5: Investigation 101 - Using Search | 40 | |
| Me, myself and whoami? | 3.5: Investigation 101 - Using Search | 40 | |
| It’s always the creds | 3.5: Investigation 101 - Using Search | 35 | |
| How many admins?! | 3.5: Investigation 101 - Using Search | 35 | |
| Let me count the ways | 3.5: Investigation 101 - Using Search | 30 | |
| Creds, creds, creds | 3.5: Investigation 101 - Using Search | 30 | |
| Path to success | 3.5: Investigation 101 - Using Search | 25 | |
| How’d you do that? | 3.5: Investigation 101 - Using Search | 25 | |
| Who did this? | 3.5: Investigation 101 - Using Search | 20 | |
| Who am i? | 3.5: Investigation 101 - Using Search | 20 | |
| Time for your injections | 3.5: Investigation 101 - Using Search | 20 | |
| Service please | 3.5: Investigation 101 - Using Search | 15 | |
| Attribution is a b*tch | 3.5: Investigation 101 - Using Search | 15 | |
| USB as well | 3: Search - Advanced | 30 | |
| Rubio, Rubio, Rubio... | 3: Search - Advanced | 30 | |
| Query it good | 3: Search - Advanced | 30 | |
| ALERT, ALERT! Bonus 2 | 3: Search - Advanced | 30 | |
| ALERT, ALERT! Bonus | 3: Search - Advanced | 30 | |
| ALERT, ALERT! | 3: Search - Advanced | 30 | |
| This one is REALLY a keeper | 3: Search - 101 | 10 | |
| This one is a keeper II | 3: Search - 101 | 10 | |
| This one is a keeper I | 3: Search - 101 | 10 | |
| Introduction to Search | 3: Search - 101 | 5 | |
| I want what I want II | 3: Search - 101 | 10 | |
| I want what I want I | 3: Search - 101 | 10 | |
| Export this IV | 3: Search - 101 | 11 | |
| Export this III | 3: Search - 101 | 11 | |
| Export this II | 3: Search - 101 | 11 | |
| Export this I | 3: Search - 101 | 11 | |
| Updates | 2: Log Stream | 10 | |
| Up to date | 2: Log Stream | 12 | |
| Parser Details II | 2: Log Stream | 11 | |
| Parser Details I | 2: Log Stream | 10 | |
| Let's do it Live! III | 2: Log Stream | 12 | |
| Let's do it Live! II | 2: Log Stream | 20 | |
| Let's do it Live! I | 2: Log Stream | 12 | |
| Introducing Log Stream | 2: Log Stream | 10 | |
| Creating Parsers | 2: Log Stream | 10 | |
| Calibration Station | 2: Log Stream | 10 | |
| Calibration Required | 2: Log Stream | 10 | |
| All Aboard! | 2: Log Stream | 12 | |
| Cloud Consumption | 1.4: Service Health and Consumption | 10 | |
| The map, the map!! | 1.3: Outcomes Navigator | 20 | |
| The map, the map! | 1.3: Outcomes Navigator | 20 | |
| Posterize your Posture | 1.3: Outcomes Navigator | 16 | |
| Improving the foundations | 1.3: Outcomes Navigator | 12 | |
| Can you hear me now? | 1.3: Outcomes Navigator | 14 | |
| Embedding the attack 2 | 1.1: Threat Center | 20 | |
| Embedding the attack 1 | 1.1: Threat Center | 20 | |
| How did it go so wrong | 1.1: Threat Center | 20 | |
| Attack of the tooling | 1.1: Threat Center | 20 | |
| Se(r)ver(e) implications | 1.1: Threat Center | 20 | |
| What went wrong? | 1.1: Threat Center | 20 | |
| Sea of Threats! 2 | 1.1: Threat Center | 20 | |
| Sea of Threats! 1 | 1.1: Threat Center | 20 | |
| Recent Releases | 0.3: Exabeam Docs | 10 | |
| 36 - Threat Detection Incident Response: Threat Center X | 0: New-Scale 101, Compromised Insider, Malicious Insider | 10 | |
| 35 - Threat Detection Incident Response: Threat Center IX | 0: New-Scale 101, Compromised Insider, Malicious Insider | 10 | |
| 34 - Threat Detection Incident Response: Threat Center VIII | 0: New-Scale 101, Compromised Insider, Malicious Insider | 10 | |
| 33 - Threat Detection Incident Response: Threat Center VII | 0: New-Scale 101, Compromised Insider, Malicious Insider | 10 | |
| 32 - Platform Insights: Outcomes Navigator III | 0: New-Scale 101, Compromised Insider, Malicious Insider | 15 | |
| 31 - Platform Insights: Outcomes Navigator II | 0: New-Scale 101, Compromised Insider, Malicious Insider | 10 | |
| 30 - Platform Insights: Outcomes Navigator I | 0: New-Scale 101, Compromised Insider, Malicious Insider | 15 | |
| 29 - Threat Detection Incident Response: Automation Management III | 0: New-Scale 101, Compromised Insider, Malicious Insider | 15 | |
| 28 - Threat Detection Incident Response: Automation Management II | 0: New-Scale 101, Compromised Insider, Malicious Insider | 15 | |
| 27 - Threat Detection Incident Response: Automation Management I | 0: New-Scale 101, Compromised Insider, Malicious Insider | 20 | |
| 26 - Threat Detection Incident Response: Search Natural Language II | 0: New-Scale 101, Compromised Insider, Malicious Insider | 30 | |
| 23 - Threat Detection Incident Response: Search Timeline II | 0: New-Scale 101, Compromised Insider, Malicious Insider | 20 | |
| 25 - Threat Detection Incident Response: Search Natural Language I | 0: New-Scale 101, Compromised Insider, Malicious Insider | 40 | |
| 24 - Threat Detection Incident Response: Search Basic | 0: New-Scale 101, Compromised Insider, Malicious Insider | 35 | |
| 22 - Threat Detection Incident Response: Search Timeline I | 0: New-Scale 101, Compromised Insider, Malicious Insider | 25 | |
| 21 - Threat Detection Incident Response: Threat Center VI | 0: New-Scale 101, Compromised Insider, Malicious Insider | 10 | |
| 20 - Threat Detection Incident Response: Threat Center V | 0: New-Scale 101, Compromised Insider, Malicious Insider | 15 | |
| 19 - Threat Detection Incident Response: Threat Center IV | 0: New-Scale 101, Compromised Insider, Malicious Insider | 10 | |
| 18 - Threat Detection Incident Response: Threat Center III | 0: New-Scale 101, Compromised Insider, Malicious Insider | 15 | |
| 17 - Threat Detection Incident Response: Threat Center II | 0: New-Scale 101, Compromised Insider, Malicious Insider | 15 | |
| 16 - Threat Detection Incident Response: Threat Center I | 0: New-Scale 101, Compromised Insider, Malicious Insider | 10 | |
| 15 - Security Management: Threat Detection Management VI | 0: New-Scale 101, Compromised Insider, Malicious Insider | 10 | |
| 14 - Security Management: Threat Detection Management V | 0: New-Scale 101, Compromised Insider, Malicious Insider | 10 | |
| 13 - Security Management: Threat Detection Management IV | 0: New-Scale 101, Compromised Insider, Malicious Insider | 20 | |
| 12 - Security Management: Threat Detection Management III | 0: New-Scale 101, Compromised Insider, Malicious Insider | 25 | |
| 11 - Security Management: Threat Detection Management II | 0: New-Scale 101, Compromised Insider, Malicious Insider | 15 | |
| 10 - Security Management: Threat Detection Management I | 0: New-Scale 101, Compromised Insider, Malicious Insider | 25 | |
| 9 - Attack Surface Insights: Devices | 0: New-Scale 101, Compromised Insider, Malicious Insider | 10 | |
| 8 - Attack Surface Insights: Users | 0: New-Scale 101, Compromised Insider, Malicious Insider | 10 | |
| 7 - Context Management II | 0: New-Scale 101, Compromised Insider, Malicious Insider | 15 | |
| 6 - Context Management I | 0: New-Scale 101, Compromised Insider, Malicious Insider | 10 | |
| 5 - Log Stream: Enrichment | 0: New-Scale 101, Compromised Insider, Malicious Insider | 10 | |
| 4 - Log Stream: Parsers II | 0: New-Scale 101, Compromised Insider, Malicious Insider | 15 | |
| 3 - Log Stream: Parsers I | 0: New-Scale 101, Compromised Insider, Malicious Insider | 10 | |
| 2 - Collection | 0: New-Scale 101, Compromised Insider, Malicious Insider | 10 | |
| 1 - Platform Overview: Start Here! | 0: New-Scale 101, Compromised Insider, Malicious Insider | 5 | |