NeoCohorts SIEM

Assign yourself to an alert, move it to "In Progress", and start the triage!
How this works:
  1. Click any alert row to expand its details (host, process, file paths, comments, etc.).
  2. Use the pencil icon to assign yourself, and the status/verdict badges to update them as you triage — just like a real SOC ticket.
  3. Scroll down to the Triage Quiz and answer each question based on what you found. Some are dropdowns, some are short text answers.
  4. Answers are graded instantly and privately — wrong guesses don't cost you anything, so try again if needed.
  5. Once all questions are correct, click Reveal Flag and submit that flag where instructed.

| Time | Name | Severity | Status | Verdict | Assignee | Actions |
|---|---|---|---|---|---|---|
| Mar 21st 2025 at 13:58 | Double-Extension File Creation | High | Awaiting action | None | None | |
| Mar 21st 2025 at 13:30 | Potential Data Exfiltration | Critical | Awaiting action | None | None | |
| Mar 21st 2025 at 13:02 | Download from GitHub Repository | Low | Awaiting action | None | None | |
| Mar 21st 2025 at 12:40 | Unusual VPN Login Location | Medium | Closed | False Positive | N.Stephanie (L1) | |
| Mar 21st 2025 at 11:53 | Bruteforce Attack from External | Medium | Closed | True Positive | A.Gifty (L2) | |

Triage Quiz

Answer based on what you found above. Every answer is graded on the server — correct answers are never sent to your browser.
