  • Post last modified:June 12, 2024

While investigating a security event, the Tier 1 SOC analyst will have a set of objectives or questions they should answer. Match each objective to its description.

  • defines the threat actor's location ==> who
  • determines the type of malware that raised the alert ==> where
  • defines the originating source of the attack ==> why
  • describes the initial system intrusion methods and/or infection vectors used by the malware ==> how
  • defines the observed date and time the event occurred ==> when
  • describes the basic functionality of the malware and/or how it might be leveraged ==> what
Explanation & Hint:

To match each objective with its appropriate description in the context of a Tier 1 SOC analyst’s responsibilities:

  1. Who – Determines the type of malware that raised the alert. This objective focuses on identifying the specific malware involved in the security event.
  2. Where – Defines the originating source of the attack. This pertains to identifying the location from which the attack was launched.
  3. Why – Describes the basic functionality of the malware and/or how it might be leveraged. This is about understanding the purpose or intent behind the malware’s deployment.
  4. How – Describes the initial system intrusion methods and/or infection vectors used by the malware. This involves understanding the techniques or pathways the malware used to infiltrate the system.
  5. When – Defines the observed date and time the event occurred. This is crucial for establishing a timeline of the security incident.
  6. What – Defines the threat actor’s location. This objective is focused on identifying the geographical or network location of the threat actor.

These objectives help a SOC analyst to construct a comprehensive understanding of the security event, from identifying the nature of the threat to understanding its origins, purposes, and methods of execution.

For more Questions and Answers:

Threat Investigation Post-Assessment | CBROPS
