Module 1

Security Alerts

Review AI-generated alerts from the intrusion detection system. Click Explain to view the XAI explanation, then Acknowledge to claim an alert for investigation.

Total:
Acknowledged: 0
DDoS:
Brute Force:
Port Scan:
Other:
# Actions Src IP Dst IP Type Verdict
Module 2 — Wireshark Investigation

Wireshark Investigation

Your Wireshark session is pre-loaded with the investigation PCAP file. Paste your assigned session URL below and click Connect — Wireshark will open and your session will be recorded automatically.

Wireshark Session ● NOT CONNECTED
⚡ Recording starts automatically on connect | 🔒 Your session URL is assigned by the instructor | 📁 PCAP file is pre-loaded
⏺ RECORDING
⚠ Browser does not support screen recording. Use Chrome or Edge.
RECORDING 🕐 00:00
Not connected Wireshark via noVNC
🔬
Wireshark session not connected
Enter your session URL above and click Connect
Module 3

Incident Report

Complete all four sections based on your alert analysis and PCAP investigation. Screenshots from Wireshark should be attached as evidence.

💾

Saved progress found. Your previous session was automatically saved. Would you like to restore it?

📋

Incident Report

40 pts total
Auto-save on
Your Name
Timeline of Events 10 pts
Guidance Review alerts and identify TRUE positives. Describe the sequence of attack events you confirmed, ordered chronologically. Focus on what the attacker did and when, based on the confirmed alerts only.
Targets 10 pts
Guidance List the IP addresses of the victim machines involved in the confirmed attack events.
Event Details with Evidence 10 pts
Guidance For each confirmed event in your timeline, provide a screenshot from your PCAP analysis and a 1–2 sentence explanation of what the screenshot shows and why it constitutes evidence.
Preventative Actions 10 pts
Guidance For each confirmed attack type (Port Scan, Brute Force, HTTP DDoS), research and list realistic preventative measures an organisation could implement.
📊 Score Tracker
Timeline of Events
0/10
Targets
0/10
Event Details
0/10
Preventative Actions
0/10
Total Progress 0/40
✅ Report Checklist
  • Name and date filled in
  • At least one timeline event added
  • Victim IPs identified
  • Target description written
  • At least one evidence item with screenshot
  • Explanation written for each screenshot
  • Prevention actions added
  • All alerts triaged (TP or FP)
🚨 Acknowledged Alerts
  • No alerts acknowledged yet
Session Tracking

Activity Log

Every interaction is recorded automatically — alert explanations viewed, alerts acknowledged, incident report edits, tab switches, and more. Export as CSV for submission or instructor review.

Total events: 0
Alert interactions: 0
Report edits: 0
PCAP / Recording: 0
Session started:
# Wall Clock Elapsed Category Event Detail
No events yet.