Question 8 of 10 (Pro Only)

An endpoint detection tool alerts you that a suspicious executable was detected on a user's workstation. Walk through how you would investigate this potential malware infection using available logs and IOCs.

Sample answer preview

Investigating a potential malware infection requires a methodical approach that combines multiple data sources to understand the scope, severity, and origin of the threat. Here is how you would work through this investigation as an L1 SOC analyst.

Tags: endpoint detection, SIEM, process tree, lateral movement, command and control, VirusTotal
