Enigma Glass Case Studies
These Case Studies use data already on the Enigma Glass platform and recontextualize it to fit each unique investigation. Students are provided with the background scenario and are then tasked with navigating the SIEM to investigate and search for evidence of insider threats, data integrity issues, and false positives.
Throughout the Case Studies, students are asked questions that track their progress and challenge them to think critically. Each case study ends with research questions aimed at increasing student knowledge and awareness of the threats, followed by a threat intelligence report in which students summarize what they have done and what they have learned in the case study.
Threat Intelligence Report Template
Category | Description | Hint |
---|---|---|
Event (general - what type of event occurred against your organization) | Quick overview of the event. You can find this information in the alerts pane of Enigma Glass and through your analysis | |
Target | You can find this information in the alerts pane of Enigma Glass | |
Attack Type | Internet Research; What type of campaign was this? | |
Remediation Actions | Read the following article to determine remediation actions | |
Preventative Actions (Lessons Learned) | Internet Research: List some potential security measures that could prevent this type of event | |