SOC N1 Triage: Endpoint EDR Alert (PowerShell)

Organization: Zeroday Retail
Case ID: ZCA-IR-022
Reported: 2026-02-02T11:50:07Z

Scenario:
A security alert was generated indicating suspicious activity that may represent an incident. You are the SOC analyst on duty.

Your tasks (do not include your final answers in this file):
- Determine whether this is a true positive and categorize the incident.
- Identify the affected asset(s) and user(s).
- Extract key IOCs (IPs/domains/URLs/processes).
- Establish a timeline of events.
- Determine the likely initial access vector.
- Recommend containment actions.

Deliverables:
- A short incident summary (what happened, when, where, impact).
- A timeline.
- IOC list.
- Containment + eradication recommendations.

Evidence: See the EVIDENCE/ directory. Artifacts are text-only.
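The three mechanical parts of the task list above (affected hosts and users, IOC extraction, and a merged timeline) can be scripted so the analyst spends their time on judgement: true-positive decision, initial access vector and containment. The script below is an added example, not part of the ZCA-IR-022 case file or its EVIDENCE/ directory. The two artifacts it parses are constructed here for illustration (RFC 5737 test addresses, a .test domain, a made-up host and user), the artifact line formats are assumed, and in a real case you would read the files from EVIDENCE/ instead of the embedded dictionary.

```python
import re
from datetime import datetime, timezone
from typing import Dict, List, Tuple

# Constructed sample artifacts in the style of text-only EDR and proxy evidence.
# They are NOT the ZCA-IR-022 EVIDENCE/ files: every host, user, IP, domain,
# URL and file name below is made up for illustration.
SAMPLE_ARTIFACTS: Dict[str, str] = {
    "EVIDENCE/edr_alerts.txt": (
        '2026-02-02T11:41:12Z host=WS-RETAIL-07 user=jdoe alert=SuspiciousPowerShell '
        'process=powershell.exe parent=winword.exe '
        'cmdline="powershell.exe -nop -w hidden -enc <BASE64_REDACTED>"\n'
        '2026-02-02T11:41:15Z host=WS-RETAIL-07 user=jdoe alert=OutboundConnection '
        'process=powershell.exe dst=203.0.113.45:443 domain=updates.example-cdn.test\n'
    ),
    "EVIDENCE/proxy.log": (
        '2026-02-02T11:41:14Z WS-RETAIL-07 jdoe GET '
        'https://updates.example-cdn.test/stage2.ps1 203.0.113.45 200\n'
        '2026-02-02T11:39:50Z WS-RETAIL-07 jdoe GET '
        'https://mail.example.test/inbox 198.51.100.8 200\n'
    ),
}

# Assumed artifact conventions: every event line starts with an ISO-8601 UTC
# timestamp, and EDR lines carry key=value fields.
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# A dotted name whose last label is alphabetic and is not a file extension we
# expect in process or script names, so powershell.exe is not reported as a domain.
DOMAIN_RE = re.compile(
    r"\b(?:[a-z0-9-]+\.)+(?!(?:exe|dll|ps1|bat|txt|log)\b)[a-z]{2,}\b", re.IGNORECASE
)
PROC_RE = re.compile(r"\b[\w.-]+\.(?:exe|dll|ps1|bat)\b", re.IGNORECASE)
KV_RE = re.compile(r"\b(host|user)=(\S+)")


def extract_iocs(text: str) -> Dict[str, List[str]]:
    """Pull candidate IOCs out of free-form artifact text, de-duplicated and sorted."""
    return {
        "ipv4": sorted(set(IPV4_RE.findall(text))),
        "url": sorted(set(URL_RE.findall(text))),
        "domain": sorted({d.lower() for d in DOMAIN_RE.findall(text)}),
        "process_or_script": sorted({p.lower() for p in PROC_RE.findall(text)}),
    }


def affected_assets(text: str) -> Dict[str, List[str]]:
    """Collect host= and user= fields as the affected asset and account candidates."""
    found: Dict[str, set] = {"host": set(), "user": set()}
    for key, value in KV_RE.findall(text):
        found[key].add(value)
    return {k: sorted(v) for k, v in found.items()}


def build_timeline(artifacts: Dict[str, str]) -> List[Tuple[datetime, str, str]]:
    """Merge every timestamped line from all artifacts into one time-ordered list."""
    events: List[Tuple[datetime, str, str]] = []
    for source, text in artifacts.items():
        for line in text.splitlines():
            m = TS_RE.match(line)
            if not m:
                continue  # lines without a leading timestamp stay out of the timeline
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
            events.append((ts, source, line))
    return sorted(events, key=lambda e: e[0])


def triage(artifacts: Dict[str, str]) -> dict:
    """Run the mechanical triage steps; TP/FP, vector and containment remain analyst calls."""
    text = "\n".join(artifacts.values())
    return {
        "assets": affected_assets(text),
        "iocs": extract_iocs(text),
        "timeline": build_timeline(artifacts),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_ARTIFACTS)
    for ts, source, line in result["timeline"]:
        print(ts.isoformat(), source, line[:80])
    print("assets:", result["assets"])
    for kind, values in result["iocs"].items():
        print(f"{kind}: {values}")
```

Reading the merged timeline is what turns raw lines into a story: in the constructed sample the proxy log shows the user in webmail shortly before an Office process spawns a hidden, encoded PowerShell that fetches a script and then connects out, which is the kind of sequence that supports a phishing-attachment initial access hypothesis. The script only surfaces candidates; a regex will happily report benign internal domains or update hosts, so each IOC still needs the analyst's validation against asset inventory and allow-lists before it goes into the containment recommendation.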