Umamaheswari B in bit01net.hashnode.dev · Oct 21, 2025 · 2 min read

ItsyBitsy | Incident investigating using Elastic

Room Link

Scenario

During normal SOC monitoring, Analyst John observed an alert on an IDS solution indicating a potential C2 communication from a user Browne from the HR department. A suspicious file w