In the Benign room, I investigated log data where the challenge was to determine whether activity was truly malicious or simply normal behavior. The focus was on distinguishing real threats from false positives, something SOC analysts deal with every day.
By digging through the data, I practiced separating signal from noise and gained a better appreciation for how important context is when working with SIEM alerts. This exercise showed me that not everything unusual is dangerous, and it helped sharpen my ability to make accurate judgments.
