Set 9


81. SOC Monitoring – Extract Intrusion Indicators

Scenario: SOC analysts need to quickly isolate intrusion indicators from security logs.

Instructions:

  • Navigate to ~/kactii29

  • Create folder intrusion_indicators

  • Assume security.log exists

  • Extract lines containing INTRUSION

  • Save output to intrusion.log

Commands Expected: grep, output redirection


82. Capacity Monitoring – Directory Usage Snapshot

Scenario: SOC monitoring dashboards require periodic disk usage snapshots.

Instructions:

  • Navigate to ~/kactii29

  • Create capacity_monitoring

  • Measure directory disk usage

  • Display in human-readable format

  • Save output to capacity_snapshot.txt

Commands Expected: du -h


83. Access Monitoring – Active User Snapshot

Scenario: The SOC team needs real-time evidence of currently logged-in users.

Instructions:

  • Navigate to ~/kactii29

  • Create access_monitoring

  • Capture logged-in users

  • Append date and time

  • Save to access_snapshot.log

Commands Expected: who, date, output redirection


84. Tool Validation – SOC Utility Check

Scenario: SOC automation relies on specific utilities being available.

Instructions:

  • Navigate to ~/kactii29

  • Create soc_tools_check

  • Locate paths for grep, ss, and uptime

  • Save output to soc_tools.txt

Commands Expected: which
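Worked solution for exercise 84, added here as an example and not part of the original exercise set. `which` is an external program whose output and exit status differ between implementations, so the function resolves each tool with the POSIX `command -v` and returns non-zero when anything is missing, which is the check an automation job actually needs before it depends on the tool. KACTII_BASE is an assumed override of ~/kactii29 so the script can run in a scratch directory.

```shell
#!/bin/sh
# Added example for exercise 84 (not from the exercise set).
# Assumption: KACTII_BASE overrides ~/kactii29 for scratch runs.
BASE="${KACTII_BASE:-$HOME/kactii29}"

# check_tools OUTFILE TOOL...
# Writes "tool: /path" for each resolvable tool and "tool: MISSING" for the
# rest. Returns 0 only when every tool resolved, so a wrapper job can stop
# before it relies on something that is not there.
check_tools() {
    outfile="$1"; shift
    missing=0
    : > "$outfile"
    for tool in "$@"; do
        # command -v is POSIX and honours PATH the way the shell does; which(1)
        # is a separate program whose exit codes vary between distributions.
        if path=$(command -v "$tool" 2>/dev/null); then
            printf '%s: %s\n' "$tool" "$path" >> "$outfile"
        else
            printf '%s: MISSING\n' "$tool" >> "$outfile"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Run with:  sh soc_tools_check.sh run
if [ "${1:-}" = "run" ]; then
    mkdir -p "$BASE/soc_tools_check" && cd "$BASE/soc_tools_check" || exit 1
    if check_tools soc_tools.txt grep ss uptime; then
        echo "all SOC utilities present"
    else
        echo "WARNING: some SOC utilities are missing, see soc_tools.txt" >&2
    fi
    cat soc_tools.txt
fi
```

The plain one-liner the exercise expects is `which grep ss uptime > soc_tools.txt`; the function above adds the part that matters in automation, a non-zero exit when a dependency is absent.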


85. Service Monitoring – Scheduler Health Check

Scenario: SOC jobs depend on the scheduler; its availability must be verified.

Instructions:

  • Navigate to ~/kactii29

  • Create scheduler_monitoring

  • Check cron service status

  • Start service if inactive

  • Save output to scheduler_health.txt

Commands Expected: systemctl status, systemctl start


86. Task Visibility – Pending Deferred Jobs

Scenario: The SOC wants visibility into all one-time scheduled tasks.

Instructions:

  • Navigate to ~/kactii29

  • Create task_visibility

  • List all scheduled at jobs

  • Save output to at_jobs.log

Commands Expected: atq
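Worked solution for exercises 85 and 86 together, added here as an example and not part of the original exercise set. Two practitioner caveats are built in: the cron unit is named `cron` on Debian/Ubuntu but `crond` on RHEL/Fedora, and starting a unit needs root, so the restart goes through `sudo -n`, which fails immediately rather than hanging a monitoring job on a password prompt. `atq` lists only the calling user's jobs unless run as root, so the evidence file says so. KACTII_BASE is an assumed override of ~/kactii29; every probe is captured into the file rather than allowed to abort the script, so the file is written even on a host without systemd.

```shell
#!/bin/sh
# Added example for exercises 85 and 86 (not from the exercise set).
# Assumptions: KACTII_BASE overrides ~/kactii29 for scratch runs; the host
# may or may not run systemd, so every probe is captured rather than trusted.
BASE="${KACTII_BASE:-$HOME/kactii29}"
export SYSTEMD_PAGER=cat   # never block on a pager in an unattended job

# cron_unit: the cron daemon's unit is "cron" on Debian/Ubuntu and "crond"
# on RHEL/Fedora; report whichever one systemd actually knows about.
cron_unit() {
    for u in cron crond; do
        if systemctl cat "$u.service" >/dev/null 2>&1; then
            echo "$u"; return 0
        fi
    done
    echo cron   # fallback so is-active still reports a state for something
}

# scheduler_health OUTFILE
# Records the cron unit's state, starts it when inactive or failed, and
# appends the pending at(1) queue. Starting needs root; sudo -n fails fast
# instead of prompting, which is what a monitoring job needs.
scheduler_health() {
    outfile="$1"
    {
        echo "### scheduler health $(date -u '+%Y-%m-%dT%H:%M:%SZ') on $(uname -n)"
        if command -v systemctl >/dev/null 2>&1; then
            unit=$(cron_unit)
            state=$(systemctl is-active "$unit" 2>&1) || true
            echo "$unit.service: $state"
            if [ "$state" = "inactive" ] || [ "$state" = "failed" ]; then
                start="systemctl start $unit"
                [ "$(id -u)" -eq 0 ] || start="sudo -n $start"
                result=$($start 2>&1) || true
                echo "start attempted ($start): ${result:-ok}"
                echo "$unit.service now: $(systemctl is-active "$unit" 2>&1)"
            fi
            systemctl --no-pager status "$unit" 2>&1 | head -n 5
        else
            echo "systemctl: not available (not a systemd host)"
        fi
        echo "### pending at jobs (atq shows only the caller's jobs unless run as root)"
        if command -v atq >/dev/null 2>&1; then
            atq 2>&1 || true
        else
            echo "atq: not installed"
        fi
    } > "$outfile"
}

# Run with:  sh scheduler_health.sh run
if [ "${1:-}" = "run" ]; then
    mkdir -p "$BASE/scheduler_monitoring" "$BASE/task_visibility" && cd "$BASE" || exit 1
    scheduler_health scheduler_monitoring/scheduler_health.txt
    # Exercise 86 wants the at queue in its own file as well.
    if command -v atq >/dev/null 2>&1; then atq; else echo 'atq: not installed'; fi \
        > task_visibility/at_jobs.log 2>&1
    cat scheduler_monitoring/scheduler_health.txt task_visibility/at_jobs.log
fi
```

`systemctl is-active` is used for the decision because its output is a single word; `systemctl status` is kept for the human-readable evidence the exercise asks for.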


87. Runtime Monitoring – Environment Variable Snapshot

Scenario: SOC analysts need runtime environment context for incident correlation.

Instructions:

  • Navigate to ~/kactii29

  • Create runtime_monitoring

  • Display all environment variables

  • Save output to runtime_env.log

Commands Expected: printenv
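Worked solution for exercise 87, added here as an example and not part of the original exercise set. A raw `printenv > runtime_env.log` copies every API key and token the process holds into a file that then needs the same protection as the secrets themselves, so this version masks the value of any variable whose name looks like a credential while keeping the names, which is the part an analyst needs for correlation. The name pattern is an assumption chosen for the example; KACTII_BASE is an assumed override of ~/kactii29.

```shell
#!/bin/sh
# Added example for exercise 87 (not from the exercise set).
# Assumption: KACTII_BASE overrides ~/kactii29 for scratch runs.
BASE="${KACTII_BASE:-$HOME/kactii29}"

# redact_env OUTFILE
# Saves the process environment as printenv prints it, but masks the value of
# any variable whose name looks like a credential (pattern is an assumption).
# Names survive, so the analyst still learns which secrets the process had
# without the snapshot itself becoming a secret that needs protecting.
redact_env() {
    outfile="$1"
    printenv | awk '
        # Lines without "=" are continuations of a multi-line value: pass through.
        index($0, "=") == 0 { print; next }
        {
            eq = index($0, "=")            # only the first "=" splits name/value
            name = substr($0, 1, eq - 1)
            value = substr($0, eq + 1)
            if (toupper(name) ~ /(KEY|TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIAL)/)
                value = "<redacted>"
            print name "=" value
        }' > "$outfile"
}

# Run with:  sh runtime_env.sh run
if [ "${1:-}" = "run" ]; then
    mkdir -p "$BASE/runtime_monitoring" && cd "$BASE/runtime_monitoring" || exit 1
    redact_env runtime_env.log
    printf '%s variables saved, %s redacted\n' \
        "$(grep -c '=' runtime_env.log)" "$(grep -c '=<redacted>$' runtime_env.log)"
fi
```

Multi-line values are the one weak spot: printenv prints their continuation lines without a name, so a secret spread over several lines is passed through unmasked; treat the output file as sensitive anyway.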


88. Network Monitoring – Listening Port Snapshot

Scenario: The SOC needs visibility into open listening ports on the host.

Instructions:

  • Navigate to ~/kactii29

  • Create network_monitoring

  • Capture all listening TCP and UDP sockets

  • Save output to network_ports.log

Commands Expected: ss -tuln


89. Indicator Cleanup – Unique Sorted Alerts

Scenario: The SOC team needs a clean list of unique alert identifiers.

Instructions:

  • Navigate to ~/kactii29

  • Create alert_cleanup

  • Assume alerts.log exists

  • Sort and remove duplicate entries

  • Save to unique_alerts.txt

Commands Expected: sort, uniq
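Worked solution for exercises 81 and 89, added here as an example and not part of the original exercise set; the two are combined because both are text triage over a log file and share the same input-checking shape. The points the bare one-liners hide: `grep -n` keeps the original line number as evidence, `grep` exits 1 when nothing matched so an empty indicator file is not silent, and `uniq` only folds adjacent duplicates, which is why `sort` must come first (`sort -u` does both in one step). The sample security.log and alerts.log are constructed for the example, since the exercises assume real files exist; KACTII_BASE is an assumed override of ~/kactii29.

```shell
#!/bin/sh
# Added example for exercises 81 and 89 (not from the exercise set).
# Assumption: KACTII_BASE overrides ~/kactii29 for scratch runs.
BASE="${KACTII_BASE:-$HOME/kactii29}"

# extract_intrusions SECURITY_LOG OUTFILE   (exercise 81)
# Keeps every line carrying the INTRUSION marker, prefixed with its line
# number so the evidence can be cited back to the original log. The match is
# case-sensitive on purpose (the marker is an exact token; add -i if your
# source mixes case), and grep's exit status 1 on "no match" means an empty
# evidence file does not pass silently.
extract_intrusions() {
    [ -r "$1" ] || { echo "missing input: $1" >&2; return 2; }
    grep -n 'INTRUSION' "$1" > "$2"
}

# unique_alerts ALERTS_LOG OUTFILE   (exercise 89)
# uniq only folds adjacent duplicates, so the input must be sorted first
# (sort -u is the one-command equivalent). Trailing whitespace is stripped so
# "ALERT-1 " and "ALERT-1" collapse, and LC_ALL=C makes the order byte-wise
# and independent of the analyst's locale.
unique_alerts() {
    [ -r "$1" ] || { echo "missing input: $1" >&2; return 2; }
    sed 's/[[:space:]]*$//' "$1" | LC_ALL=C sort | uniq > "$2"
}

# alert_frequency ALERTS_LOG: the same pipeline with counts, busiest first.
alert_frequency() {
    sed 's/[[:space:]]*$//' "$1" | LC_ALL=C sort | uniq -c | sort -rn
}

# sample_data DIR: constructed security.log and alerts.log (the exercises
# assume real ones exist) so the functions can be tried offline.
sample_data() {
    mkdir -p "$1/intrusion_indicators" "$1/alert_cleanup"
    printf '%s\n' \
        '2024-05-01T10:00:01Z sshd[1201]: Accepted publickey for ops from 192.0.2.10' \
        '2024-05-01T10:00:07Z ids: INTRUSION attempt from 203.0.113.5 port 22' \
        '2024-05-01T10:00:09Z ids: intrusion probe from 198.51.100.7' \
        '2024-05-01T10:01:30Z ids: INTRUSION SQLi pattern on /login from 203.0.113.5' \
        > "$1/intrusion_indicators/security.log"
    # The third alert line carries a trailing space: a duplicate to an
    # analyst, a distinct line to uniq unless it is stripped first.
    printf '%s\n' \
        'ALERT-1021 brute force 203.0.113.5' \
        'ALERT-1007 port scan 198.51.100.7' \
        'ALERT-1021 brute force 203.0.113.5 ' \
        'ALERT-1021 brute force 203.0.113.5' \
        'ALERT-1007 port scan 198.51.100.7' \
        'ALERT-1100 sqli /login 203.0.113.5' \
        > "$1/alert_cleanup/alerts.log"
}

# Run with:  sh log_triage.sh run
if [ "${1:-}" = "run" ]; then
    [ -f "$BASE/intrusion_indicators/security.log" ] || sample_data "$BASE"
    cd "$BASE" || exit 1
    extract_intrusions intrusion_indicators/security.log intrusion_indicators/intrusion.log
    unique_alerts alert_cleanup/alerts.log alert_cleanup/unique_alerts.txt
    cat intrusion_indicators/intrusion.log alert_cleanup/unique_alerts.txt
    alert_frequency alert_cleanup/alerts.log
fi
```

On the sample data, extract_intrusions writes two lines (the lowercase "intrusion probe" line is deliberately left out), unique_alerts writes three, and alert_frequency ranks ALERT-1021 first with a count of 3.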


90. Availability Monitoring – Uptime Evidence

Scenario: The SOC requires confirmation of system availability during monitoring windows.

Instructions:

  • Navigate to ~/kactii29

  • Create availability_monitoring

  • Capture system uptime

  • Append timestamp

  • Save to availability_monitor.log

Commands Expected: uptime, date, output redirection
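Worked solution for exercises 82, 83, 88 and 90, added here as an example and not part of the original exercise set. All four are the same pattern, run a probe, stamp it with the date, append it to an evidence file, so one function serves them; it also records the exit status and a missing command (exit 127) so a gap in the evidence is visible rather than silent. The caveats in the comments are standard tool behaviour: `du -s` would collapse the per-directory breakdown, `w` shows what each logged-in session is doing where `who` only lists sessions, and `ss -p` needs root to attribute other users' sockets. KACTII_BASE is an assumed override of ~/kactii29.

```shell
#!/bin/sh
# Added example for exercises 82, 83, 88 and 90 (not from the exercise set):
# all four are "run a probe, stamp it, append it", so one function serves them.
# Assumption: KACTII_BASE overrides ~/kactii29 for scratch runs.
BASE="${KACTII_BASE:-$HOME/kactii29}"

# snapshot LOGFILE COMMAND [ARGS...]
# Appends one record to LOGFILE: a header with the UTC time, the host and the
# exact command, then the command's stdout and stderr, then its exit status.
# The timestamp goes in the header rather than after the output, so every
# record, including a failed one, is dated. A missing command is recorded as
# exit 127 instead of leaving a gap in the evidence file.
snapshot() {
    logfile="$1"; shift
    rc=0
    {
        printf '=== %s | %s | %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$(uname -n)" "$*"
        if command -v "$1" >/dev/null 2>&1; then
            "$@" 2>&1 || rc=$?
        else
            echo "$1: command not found"; rc=127
        fi
        echo "=== exit status: $rc"
    } >> "$logfile"
    return "$rc"
}

# Run with:  sh soc_snapshots.sh run
if [ "${1:-}" = "run" ]; then
    mkdir -p "$BASE" && cd "$BASE" || exit 1
    mkdir -p capacity_monitoring access_monitoring network_monitoring availability_monitoring
    # 82: du -h walks every subdirectory; -s would give only the total.
    snapshot capacity_monitoring/capacity_snapshot.txt du -h "$BASE"
    # 83: who lists login sessions; w would add what each session is running.
    snapshot access_monitoring/access_snapshot.log who
    # 88: -tuln = TCP, UDP, listening only, numeric ports. Add -p for the
    # owning process (root is needed to see other users' sockets).
    snapshot network_monitoring/network_ports.log ss -tuln
    # 90: uptime already prints the clock time; the header adds the UTC date.
    snapshot availability_monitoring/availability_monitor.log uptime
    tail -n 3 */*.log */*.txt
fi
```

Because each call appends, running the script from cron gives a dated series in each file, which is what a monitoring window needs; the exercises' plain form (`who >> access_snapshot.log; date >> access_snapshot.log`) produces the same evidence without the exit status.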

