The firewall has detected a communication from a client to a site that is listed as malicious. Only one client is affected.
- What has happened and what should be done to handle the issue?
Objective: Understand and contain issue(s) without any pushes to production
You can use any technology you want (ideally ones you have experience with) and any Group Security team size.
- Describe what you would do and how you would act (ideally in diagram format).
- Who would you talk to?
- What actions would you take to contain and remediate the issue(s)?
Resources and Technologies available:
- Techops, Webops, and Dev teams.
- Slack, Jira, Confluence, ELK, Grafana, Nagios, Akamai, AWS, Cisco Firewalls, Landeks, and DarkTrace.
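The first thing to settle before containment is whether "only one client is affected" is actually true or only what the single alert shows. As an added example (not part of the challenge text, and not a reference solution), the script below scopes the incident from firewall connection logs: it parses Cisco ASA-style "Built outbound TCP connection" (message 302013) records, matches destinations against the blocklisted site, summarises every internal host that reached it, and emits the ACL line that would quarantine an affected host. The log lines, the blocklisted address, the ACL name `inside_in` and the exact syslog layout are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample of Cisco ASA-style syslog (message 302013). For an
# *outbound* connection the "for" side is the external destination and the
# "to" side is the internal source. Addresses are documentation ranges.
SAMPLE_LOGS = """\
Jun 03 10:14:02 fw01 %ASA-6-302013: Built outbound TCP connection 812001 for outside:203.0.113.10/443 (203.0.113.10/443) to inside:10.20.30.41/51234 (198.51.100.7/51234)
Jun 03 10:14:05 fw01 %ASA-6-302013: Built outbound TCP connection 812002 for outside:93.184.216.34/443 (93.184.216.34/443) to inside:10.20.30.42/51250 (198.51.100.7/51250)
Jun 03 10:16:40 fw01 %ASA-6-302013: Built outbound TCP connection 812090 for outside:203.0.113.10/443 (203.0.113.10/443) to inside:10.20.30.41/51301 (198.51.100.7/51301)
Jun 03 10:21:13 fw01 %ASA-6-302013: Built outbound TCP connection 812311 for outside:203.0.113.10/8443 (203.0.113.10/8443) to inside:10.20.30.41/51377 (198.51.100.7/51377)
Jun 03 10:22:00 fw01 %ASA-6-302013: Built outbound TCP connection 812340 for outside:198.18.0.9/80 (198.18.0.9/80) to inside:10.20.30.77/40022 (198.51.100.7/40022)
"""

# Constructed: the "malicious site" named in the firewall alert.
BLOCKLIST = {"203.0.113.10"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"%ASA-\d-302013: Built outbound TCP connection (?P<cid>\d+) "
    r"for (?P<dst_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+) \([^)]*\) "
    r"to (?P<src_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) \([^)]*\)$"
)


def parse_asa_302013(lines):
    """Parse 'Built outbound TCP connection' records into dicts.
    Lines with other message IDs have different layouts and are skipped."""
    records = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["dport"] = int(rec["dport"])
        rec["sport"] = int(rec["sport"])
        records.append(rec)
    return records


def scope_incident(lines, blocklist):
    """Return {internal_src: summary} for every internal host that built a
    connection to a blocklisted destination. Keying by source lets you verify
    the 'only one client is affected' claim instead of trusting one alert."""
    summary = defaultdict(lambda: {"hits": 0, "first_seen": None,
                                   "last_seen": None, "ports": set(), "dsts": set()})
    for rec in parse_asa_302013(lines):
        if rec["dst"] not in blocklist:
            continue
        s = summary[rec["src"]]
        s["hits"] += 1
        s["first_seen"] = s["first_seen"] or rec["ts"]  # input assumed time-ordered
        s["last_seen"] = rec["ts"]
        s["ports"].add(rec["dport"])
        s["dsts"].add(rec["dst"])
    return dict(summary)


def single_client_affected(scope):
    """True only if exactly one internal host talked to the blocklisted site."""
    return len(scope) == 1


def containment_acl(src_ip, acl="inside_in"):
    """Cisco ASA ACL line that drops all traffic from the affected host, placed
    at the top of the inside interface's access list. The ACL name is an
    assumption; use the one bound to your inside interface."""
    return f"access-list {acl} line 1 extended deny ip host {src_ip} any"


if __name__ == "__main__":
    scope = scope_incident(SAMPLE_LOGS.splitlines(), BLOCKLIST)
    print("single client affected:", single_client_affected(scope))
    for src, s in scope.items():
        print(src, s["hits"], "hits", s["first_seen"], "->", s["last_seen"],
              "ports", sorted(s["ports"]), "dsts", sorted(s["dsts"]))
        print("  contain with:", containment_acl(src))
```

Run it against an ELK export of the firewall index rather than the constructed sample; if the summary shows more than one internal source, the "only one client" premise is wrong and the containment scope widens before anything is isolated. The ACL line is a network-level quarantine that can be applied without touching production application deployments; on an ASA, `shun <ip>` is the quicker interactive equivalent, and removing either afterwards must be part of the remediation checklist.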