C2 Alerts


Run a hunt on this event to dive into packet-level data.

View Full Event to see contextual information.

This is the ALERTS Pane. Within this view, you’re presented with the alerts relevant to your investigation.

In this instance, we're viewing the C2 (Command and Control) alerts.

C2-type alerts are prevalent after initial infection but before expansion. During this phase of a ransomware campaign, the attacker is gathering data about how many initial infections were successful and testing out control mechanisms for future expansion. Alerts within this phase can range from various beaconing activities to active DNS tunneling and Domain Generation Algorithm (DGA) utilization. Here, we have highlighted a DNS Tunneling alert to triage.
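To make the DNS tunneling case concrete, here is an added example (not code from the product or page) of the kind of heuristic an analyst might apply while triaging such an alert: group DNS queries by registered domain and flag domains whose subdomains are numerous, long and high-entropy, which is how encoded data in labels typically looks. The log lines are constructed, and the two-label registered-domain split is a simplifying assumption (no public suffix list).

```python
import math
from collections import defaultdict

# Constructed sample DNS query log: (client IP, queried name). Not real traffic.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.7", "a9f3k2m1x8q.tunnel-example.net"),
    ("10.0.0.7", "z7b1c4d9e2f6g3h.tunnel-example.net"),
    ("10.0.0.7", "q1w2e3r4t5y6u7i8o9p0.tunnel-example.net"),
    ("10.0.0.7", "m4n5b6v7c8x9z0l1k2j3.tunnel-example.net"),
]

def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score high, words score low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def split_name(name):
    """Assumption: registered domain is the last two labels; the rest is the subdomain."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def score_domains(queries, min_unique=3, min_avg_len=12, min_entropy=3.0):
    """Flag registered domains whose unique subdomains look like carried data."""
    per_domain = defaultdict(set)
    for _client, name in queries:
        domain, sub = split_name(name)
        if sub:
            per_domain[domain].add(sub)
    findings = {}
    for domain, subs in per_domain.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        flagged = (len(subs) >= min_unique and avg_len >= min_avg_len
                   and avg_ent >= min_entropy)
        findings[domain] = {"unique_subdomains": len(subs),
                            "avg_len": round(avg_len, 1),
                            "avg_entropy": round(avg_ent, 2),
                            "flagged": flagged}
    return findings

if __name__ == "__main__":
    for domain, info in score_domains(SAMPLE_QUERIES).items():
        print(domain, info)
```

Thresholds are illustrative; in practice they should be tuned against the organisation's baseline, since CDNs and some legitimate services also use long random-looking labels.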

This pane also allows an analyst to see if any other analysts have previously seen, triaged, or commented on any given alert indicator, as depicted by the green circle with three dots.