How are you proceeding to determine if the alert is a real alarm?


Problem

The Colonial Pipeline

You are assuming the role of a SOC analyst in the data center at the organization of your choosing. Currently, it is all systems go and green light status throughout the network. Then suddenly, you get an alert of some sort indicating that a vulnerability scan is taking place (you pick which type).

Considering this, respond to the following questions for your initial post:

1) What is the alert that is coming in and from what device(s), tool(s), or software? What is it indicating?
2) How are you proceeding to determine if the alert is real or a false alarm?
3) What tool(s) are you using from chapters 2 through 7 in your process?
4) What framework(s) are you using from chapters 2 through 7 in your process?
5) What data are you collecting during your initial stages and where are you recording it?

Reference No:- TGS03261285