Module 4 practical

Monitoring and Incident Review VM

Work through an active AI security investigation the way a blue-team analyst would: review telemetry, define detections, triage the incident, contain the risky workflow, and verify recovery before release.

Review the incident evidence and telemetry
Document the detections and triage findings
Harden alerting, containment, and recovery controls
Deploy the defended workflow and run replay

Live browser workstation inside the recap room.

Security Workbench

Editor

README.md

/home/analyst/README.md read only clean

Analyst Terminal

Console

Analyst terminal

Mission Control

Apps to use

Case Files Read the telemetry, alerts, and incident evidence.

Workbench Write detections, triage, and response controls.

Terminal Validate, deploy, and replay.

Next step

Progress

Review the evidence
Document detections
Complete triage notes
Harden runtime controls
Deploy the defended config
Pass replay

Status

Working copy
Active config
Replay

Replay results