SOC Operations & Incident Response

Source: Firewall Logs (FortiGate)

Indicators: Abnormal session spikes, SYN floods

Detection

• Monitored traffic anomalies via FortiGate logs
• Identified repeated IP patterns and session exhaustion

Response

• Applied rate-limiting & geo-blocking
• Blocked malicious IP ranges
• Escalated to ISP & SOC lead

Outcome

Service availability restored with zero data loss.

Tool: Trellix Endpoint Security

Detection

• Suspicious process execution
• Outbound C2 traffic detected

Response

• Isolated endpoint from network
• Performed IOC analysis
• Re-imaged system & updated policies

Outcome

Threat neutralized, no lateral movement.