Brandon-Cybersecurity/soc-investigations

GitHub: Brandon-Cybersecurity/soc-investigations

Stars: 0 | Forks: 0

# SOC Investigations

This repository contains SOC-style security investigation writeups based on realistic enterprise alert scenarios. The goal is to demonstrate structured thinking in security operations, including alert triage, log analysis, and incident response decision-making.

## 🔍 What this includes

- Authentication anomaly investigations
- Suspicious login and access patterns
- Incident triage workflows
- Log analysis and timeline reconstruction
- Basic MITRE ATT&CK mapping

## ⚙️ Investigation Approach

Each case follows a consistent SOC workflow:

1. Alert triage
2. Log review
3. Pattern analysis
4. Hypothesis building
5. Validation
6. Severity assessment
7. Recommended response

## 📁 Structure

- `investigation-template.md` → standard SOC workflow template
- `case-001-*.md` → individual investigation scenarios

## 🎯 Purpose

This repo is a practical demonstration of SOC analyst thinking applied to realistic security events in enterprise environments.