Tag: week-in-review
All the articles with the tag "week-in-review".
-
TORA — Shift 6 in Review
A five-day shift dominated by phishing domain noise and high-severity C2 and tunneling activity against production infrastructure, with a recurring CMDB coverage gap blocking triage on five alerts sourced from a single unenriched IP.
-
TORA Week in Review — Apr 20–24, 2026
A high-tempo week dominated by confirmed post-compromise C2 callbacks on critical infrastructure, active multi-host campaigns from repeat attacker IPs, and a persistent enrichment pipeline failure on the 10.10.6.0/24 segment that left high-confidence threats in holding. Twelve escalations, four forced-context holds, and no quiet days.
-
Shift 2: Cases of Interest
The precedence gap from Shift 1 held into Shift 2, but two cases that didn't diverge revealed something the first shift couldn't: the threshold isn't just about source count.
-
Shift 1: Cases of Interest
Four alerts. Same IP. Same missing fields. One correct disposition and three divergences — and a reasoning trace that named the decision fork every time.
-
TORA Week in Review — Apr 13–17, 2026
A high-severity shift dominated by an active LockBit and Brute Ratel campaign spanning multiple internal hosts, with confirmed SSH-to-C2 compromise chains, a live DNS tunneling case, and a persistent unmanaged asset generating signals with no CMDB identity — this week revealed both active intrusions and structural gaps in asset inventory.
-
Third shift: calibration run is over, reasoning starts now
The SOC data pipeline did not change, but the agents did. Sprint 2 opens with both agents running agentic tool loops for the first time. This shift produced real findings and failures. Both are worth documenting.