Alerts
25
6 closed
Alerts Escalated
15
3 insufficient · 1 Unknown
Cases Created
0 closed
Cases Escalated
14
0 held · 1 Unknown
Shift 8: The Question Nobody Asked
Shift 8 produced 14 immediate escalations, domain controller compromise, and a krbtgt rotation requirement. The agents performed. The process didn't ask the right question.
TORA — Shift 8 in Review
A five-day shift dominated by overlapping phishing campaigns and active DNS tunneling across multiple corp.local assets, with confirmed credential submissions on production jump servers and a Cobalt Strike fast-flux signal on the Active Directory server. This shift produced 15 escalations, 8 of them P1, and revealed systemic O365 gateway delivery failures across all major campaign domains.
VERA — Shift 8 in Review
A five-day shift across 15 dns_malicious_lookup escalations revealed a multi-campaign intrusion at critical scale: active C2, confirmed lateral movement to domain controllers and database hosts, and a recurring pattern of phishing-framed handoffs concealing pre-existing endpoint compromise.