Michael WaltonGrey Key Security Lab (SOC Portfolio)
HomeProjectsSOC CasefilesResourcesAboutResume
Michael WaltonGrey Key Security Lab (SOC Portfolio)

Information Technology Professional. SOC / Cybersecurity Analyst focused on threat detection, incident response, and security operations.

Navigation

  • Home
  • Projects
  • SOC Casefiles
  • Resume

Connect

2026 Michael Walton. Grey Key Security Lab (SOC Portfolio).

Back to Projects

SOC Casefiles

✅ Verified Complete

Real-world incident investigation workflows with complete documentation. Demonstrates alert triage, IOC extraction, and ticket documentation skills.

SOC Operations•high priority
View on GitHub

Skills Demonstrated

  • Alert Triage
  • Incident Documentation
  • IOC Extraction
  • Ticket Notes

Tools Used

MarkdownDocumentation

Documentation

View on GitHub

SOC Casefiles

This directory contains SOC-style incident investigation writeups demonstrating real-world security analysis workflows. Each casefile follows a structured format showing:

  • Alert/Event: What triggered the investigation
  • Triage: Initial assessment and prioritization
  • Investigation: Evidence gathering and analysis
  • Findings: What was discovered
  • Resolution: Actions taken and recommendations
  • Ticket Notes: Documentation suitable for a ticketing system

Casefiles

001 - Phishing Email Triage

Status: Template
Skills Demonstrated: Email header analysis, URL/IP reputation checks, IOC extraction

002 - Brute Force Login Attempts

Status: Template
Skills Demonstrated: Authentication log analysis, IP geolocation, threat intelligence enrichment

003 - Malware/EDR Alert

Status: Template
Skills Demonstrated: Endpoint detection analysis, file hash verification, containment procedures

004 - Impossible Travel Detection

Status: Template
Skills Demonstrated: Identity event correlation, geolocation analysis, user behavior analytics

005 - Splunk Failed Login Triage ⭐

Status: Real Evidence
Skills Demonstrated: Splunk query development, SIEM dashboard analysis, log correlation
Uses Actual Evidence: References real Splunk dashboard and queries from Log-Analysis project

Playbooks

See _Playbooks/ for reusable security playbooks covering common incident types.

How to Use These Casefiles

  1. For Hiring Managers: These demonstrate practical SOC analyst skills and documentation standards
  2. For Learning: Each casefile shows a complete investigation workflow from alert to resolution
  3. For Practice: Use these as templates for documenting your own lab investigations

Note: These casefiles are based on lab environments and public sample data. They demonstrate methodology and documentation skills rather than actual production incidents.

Evidence

  • 5 complete casefiles
  • 4 operational playbooks

Related Projects