Challenge 2 Explanation: Cross Reference

Being able to translate data gathered through OSINT into actionable information is a very important skill in cybersecurity. Often OSINT reveals new tactics and techniques that malicious users might employ; therefore, taking information gathered using OSINT and translating that information into a real-world defensive plan is very valuable.

To answer the questions for this challenge, you must cross-reference the provided OSINT data about malicious IP addresses with the IP addresses in the log file.

Question 1 asks you to identify the first malicious IP address that accessed the web server. To answer this question, compare the IPs found in the access log to the malicious IPs in the provided list. In this case, the answer is “36.37.39.204”.

Question 2 is answered in much the same way. Simply identify the second malicious IP in the log, “178.34.15.6”.

For questions 3 and 4, count the number of times each malicious IP appears and determine which one appears the most. The answer is “36.37.39.204”, which appears 5 times in the log.
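
The same cross-reference can be scripted. The Python below is an added example, not part of the challenge material: the log lines and the third list entry are constructed, and the function names are hypothetical. It compares whole parsed addresses rather than substrings, so a look-alike such as 178.34.15.60 is not counted as 178.34.15.6.

```python
import ipaddress
from collections import Counter

# Constructed OSINT list: first two IPs are from the write-up, the third is a placeholder.
MALICIOUS = {"36.37.39.204", "178.34.15.6", "203.0.113.50"}

# Constructed access-log lines (Common Log Format), NOT the challenge's log file.
# Includes a look-alike address (178.34.15.60) and one malformed entry.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512
36.37.39.204 - - [01/Jan/2024:10:00:05 +0000] "GET /login HTTP/1.1" 200 734
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /about HTTP/1.1" 200 901
178.34.15.60 - - [01/Jan/2024:10:00:12 +0000] "GET / HTTP/1.1" 200 512
178.34.15.6 - - [01/Jan/2024:10:00:15 +0000] "GET /admin HTTP/1.1" 403 199
36.37.39.204 - - [01/Jan/2024:10:00:19 +0000] "POST /login HTTP/1.1" 401 88
- - malformed entry
36.37.39.204 - - [01/Jan/2024:10:00:24 +0000] "POST /login HTTP/1.1" 401 88
178.34.15.6 - - [01/Jan/2024:10:00:30 +0000] "GET /admin HTTP/1.1" 403 199
36.37.39.204 - - [01/Jan/2024:10:00:33 +0000] "POST /login HTTP/1.1" 401 88
36.37.39.204 - - [01/Jan/2024:10:00:41 +0000] "POST /login HTTP/1.1" 200 734
"""

def client_ip(line):
    """Return the normalised client IP (first field) or None if the line is unparsable."""
    try:
        return str(ipaddress.ip_address(line.split()[0]))
    except (IndexError, ValueError):
        return None

def cross_reference(log_text, bad_ips):
    """Return (malicious IPs in order of first appearance, per-IP hit counts)."""
    bad = {str(ipaddress.ip_address(ip)) for ip in bad_ips}
    order, counts = [], Counter()
    for line in log_text.splitlines():
        ip = client_ip(line)
        if ip in bad:
            if ip not in counts:
                order.append(ip)       # first sighting fixes its position
            counts[ip] += 1
    return order, counts

if __name__ == "__main__":
    order, counts = cross_reference(SAMPLE_LOG, MALICIOUS)
    print("First malicious IP: ", order[0])
    print("Second malicious IP:", order[1])
    print("Most frequent:      ", counts.most_common(1)[0])
```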