This project focused on investigating a high-severity port scanning alert using SIEM analysis. The goal was to analyze network logs, identify attack patterns, and classify the incident as either a true positive or false positive, demonstrating practical SOC analyst skills.
Ref 1: SIEM Alerts Dashboard - Alert #167 Port Scanning Activity from IP 10.0.0.8
Identified high-severity alert indicating port scanning from internal IP 10.0.0.8. Clicked ACKNOWLEDGE to take ownership of the investigation.
Ref 2: Alert status changed to “Investigate in SIEM”
Alert acknowledged and transitioned to investigation phase for detailed SIEM analysis.
Ref 3: SIEM showing 4,300 events from IP 10.0.0.8 to 10.0.0.3
Analysis revealed:
- Multiple peaks indicated automated scanning behavior.
Ref 4: Traffic pattern analysis confirming automated scanning
All 4,300 connections from single source (10.0.0.8) targeting multiple ports. Source hostname “NESSUS” identified as legitimate vulnerability scanner.
Ref 5: Classification decision point
Determined classification:
Decision: False Positive - authorized internal vulnerability assessment by security team using Nessus scanner.
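As an added example (not part of the TryHackMe room or this write-up), the triage logic above can be expressed as a small script: it aggregates connection events per source IP, flags a source that touches many distinct ports on a host as a probable scan, and only then checks the source against a list of registered scanners before calling the alert a false positive. The log line format, the `AUTHORISED_SCANNERS` allowlist, the 10-port threshold and every sample line are constructed assumptions for illustration.

```python
"""Port-scan triage over connection logs (added example, not the room's own code).

Assumed log format, one event per line:
    <timestamp> <src_ip> <src_hostname> <dst_ip> <dst_port>
"""


def _lines(src_ip, host, dst_ip, ports):
    # Constructed sample lines: one event per second from one source.
    return [f"2024-06-01T10:00:{i:02d} {src_ip} {host} {dst_ip} {p}"
            for i, p in enumerate(ports)]


# Constructed sample log: an authorised Nessus host sweeping 12 ports, an
# unregistered workstation sweeping 11 ports, and a normal HTTPS client.
SAMPLE_LOG = "\n".join(
    _lines("10.0.0.8", "NESSUS", "10.0.0.3",
           [21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080])
    + _lines("10.0.0.15", "WORKSTATION-7", "10.0.0.3",
             [22, 80, 443, 445, 3389, 8080, 8443, 9000, 9090, 9200, 9300])
    + _lines("10.0.0.20", "FINANCE-LAPTOP", "10.0.0.3", [443, 443, 443])
)

# Assumed allowlist of registered scanners: IP -> expected hostname.
AUTHORISED_SCANNERS = {"10.0.0.8": "NESSUS"}


def parse_log(text):
    """Parse the assumed whitespace-separated format into event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src_ip, src_host, dst_ip, dst_port = line.split()
        events.append({"ts": ts, "src_ip": src_ip, "src_host": src_host,
                       "dst_ip": dst_ip, "dst_port": int(dst_port)})
    return events


def summarise_by_source(events):
    """Group events per source: event count, distinct targets, distinct ports."""
    summary = {}
    for e in events:
        s = summary.setdefault(e["src_ip"], {"host": e["src_host"], "events": 0,
                                             "dst_ips": set(), "dst_ports": set()})
        s["events"] += 1
        s["dst_ips"].add(e["dst_ip"])
        s["dst_ports"].add(e["dst_port"])
    return summary


def classify_source(src_ip, s, allowlist, port_threshold=10):
    """Return 'benign', 'false_positive' (authorised scan) or 'true_positive'."""
    if len(s["dst_ports"]) < port_threshold:
        return "benign"  # one-to-few ports is not a scan pattern
    # Require BOTH the IP and the hostname to match the registered scanner;
    # a hostname field in a log is trivial to set, so it is not proof alone.
    if allowlist.get(src_ip) == s["host"]:
        return "false_positive"
    return "true_positive"


def triage(text, allowlist, port_threshold=10):
    """Full pipeline: parse -> summarise -> verdict per source IP."""
    summary = summarise_by_source(parse_log(text))
    return {ip: {"host": s["host"], "events": s["events"],
                 "distinct_targets": len(s["dst_ips"]),
                 "distinct_ports": len(s["dst_ports"]),
                 "verdict": classify_source(ip, s, allowlist, port_threshold)}
            for ip, s in summary.items()}


def triage_sample():
    """Run the pipeline over the constructed sample log."""
    return triage(SAMPLE_LOG, AUTHORISED_SCANNERS)


if __name__ == "__main__":
    for ip, r in triage_sample().items():
        print(f"{ip:<10} {r['host']:<15} events={r['events']:<3} "
              f"ports={r['distinct_ports']:<3} verdict={r['verdict']}")
```

The allowlist check is the step that turns "this is a scan" into "this is the scan we expected": the write-up's confirmation that the Nessus host was 10.0.0.8 is what the IP-plus-hostname match models, and a scan from an unregistered host, even one calling itself NESSUS, still lands in the true-positive bucket.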
Ref 6: Investigation resolution confirmation
Confirmed authorized Nessus scan from 10.0.0.8 to JOE PC by internal security team.
Flag Captured: THM{000_INTRO_TO_SOC}
Ref 7: Alert closed with RESOLVED status
Alert #167 closed and marked as RESOLVED - authorized activity documented.
Ref 8: TryHackMe completion
Completed with 128 points, 7/7 tasks, Easy difficulty.
Platform: TryHackMe - SOC Fundamentals Room
Completion Date: June 2024
Course: ITECH1502 Cybersecurity Fundamentals
Institution: Federation University Australia
Flag Achieved: THM{000_INTRO_TO_SOC}
| Tool | Purpose |
|---|---|
| TryHackMe | Hands-on cybersecurity training platform |
| SIEM System | Security event log aggregation and analysis |
| Network Analysis | Traffic pattern examination and investigation |
| Alert Management | Incident tracking and response workflow |
```text
soc-fundamentals-investigation/
│
├── README.md                  # Project documentation
├── screenshots/               # Investigation screenshots
│   ├── 01-alert-dashboard.png
│   ├── 02-alert-acknowledged.png
│   ├── 03-siem-analysis.png
│   ├── 04-traffic-patterns.png
│   ├── 05-decision-point.png
│   ├── 06-investigation-result.png
│   ├── 07-alert-closed.png
│   └── 08-challenge-complete.png
│
└── documentation/
    └── project-report.pdf     # Full project report (5 pages)
```
This repository documents practical SOC operations and incident response skills:
For more cybersecurity projects and demonstrations, please visit my complete portfolio:
This project is part of academic coursework for ITECH1502 Cybersecurity Fundamentals at Federation University Australia.
Last Updated: October 2025