We detected unusual spikes in outbound traffic from one of our production servers, along with suspicious login attempts from unknown IP ranges. Our SIEM has flagged several anomalies, but we currently lack the internal expertise to verify, contain, and investigate the incident.

We need an Incident Response professional to perform an urgent investigation.

Current Challenges:

• Unverified signs of compromise
• Suspicious outbound network traffic
• Several failed login attempts from foreign location
• No incident timeline or event correlation
• Lack of a documented IR playbook
• No post-incident recovery guidelines

Required Deliverables:

• Full forensic investigation of servers and logs
• Identification of root cause and attack vector
• Containment and eradication of active threats
• Hardening recommendations for preventing recurrence
• Development of an Incident Response Playbook for future attacks
• A final forensic report with all artifacts and findings

Required Expertise:

• DFIR (Digital Forensics & Incident Response)
• SIEM analysis (Splunk, ELK, etc.)
• Threat containment
• Malware detection & server forensics
• Hands-on mitigation skills