tutorials · lab 09 · soc log triage
Step 03 · do it for real

A real SIEM. Four real log lines. Your turn.

You've seen the pattern. Now spawn a SOC pod with live auth, access, and firewall logs, then assemble the intrusion timeline yourself. The flashcards on the right warm you up; the quiz checks you remember the moves when the alert fires at 3am.

Sandbox · ready to launch

Spawn soc-logs

You'll get a private SOC pod with pre-staged auth.log, nginx access.log, and firewall.log from a real incident window. Use grep, awk, and a session ID to join them into a single timeline — and recover the four evidence fields that compose the flag.

medium · 275 xp · ~45 min · SOC pod · 512 MB · read-only logs

1. Identify the brute-force source IP from auth.log
2. Trace what was read after successful login (session pivot to access.log)
3. Confirm outbound exfil destination in firewall.log + assemble flag
Warm-up · 12 flashcards & 10 questions