Incident Response Edition is a training package with plenty of practical opportunities prepared for those who want to pursue a career in the field of incident response and those who want to improve their current skills.
You can progress in the most efficient way by completing the courses in the training area first, and then solving the cases on the "Monitoring" page.
We have a training module on how to run the incident response process on Windows and Linux systems.
What needs to be done here is to follow the topics in order, read the theoretical information thoroughly, and then practice in the "Hands-On Practice" and "Questions" areas just below. In order to answer the questions, you need to connect to the "Hands-On Practice" system and perform the required analysis.
There are 2 different roles on LetsDefend: Security Analyst and Incident Responder. You can use the button at the top right of the page to change your role.
A user with the "Incident Responder" role has access to all the resources that "Security Analysts" can access. In addition, the role has the following features:
A user with the Incident Responder role will encounter a wider variety of more complex alerts on the monitoring page.
Additional playbooks have been prepared to solve these cases.
They can access the official write-ups after the alert is closed.
I have completed the Incident Responder Alerts
You can access other alerts by switching your role to Security Analyst.
When the existing logs are not sufficient, when memory analysis is desired, or when other checks need to be performed on the live system, you can connect directly to the Linux / Windows operating system by pressing the "Connect" button on the chosen hostname and perform the analysis there. Preparing the machine takes an average of 1-3 minutes for Linux and 2-5 minutes for Windows.
Problems may occur from time to time while connecting to a Windows system; for example, the machine may be ready but not visible on the screen, in which case you need to refresh the page. If the same problem occurs again, try again after about 1 minute. This is an issue we are aware of, and it will be fixed in the next update.
Official write-ups can be accessed after the alert is closed.
You can see only 10 alerts at a time on the monitoring page. New alerts will continue to populate as you close the alerts.
Currently, not all of the systems listed under Endpoint Security can be connected to. If you think a device needs to be connectable, please contact us.
You can share the error you received with us with a screenshot via https://app.letsdefend.io/contact/ or on our Discord channel (https://discord.gg/NxU3uwHZtd) to get a faster response.
When you have finished all Security Analyst and Incident Responder alerts, you can continue to improve your skills with the DFIR and Malware Analysis cases under "Additional" in the left navigation panel.