# Use Cases
Real-world security scenarios and how to handle them with BSOT.
## 📧 Phishing Investigation
Analyze suspicious emails end-to-end: parse headers, extract IOCs, check reputation, and generate reports.
You'll learn:
- Parsing email headers
- Extracting and enriching IOCs
- AI-powered email analysis
- Generating investigation reports
## 🦠 Malware Triage
Quick static analysis to determine if a file is malicious without executing it.
You'll learn:
- File identification and hashing
- Entropy analysis for packer detection
- PE file analysis
- YARA scanning
- String extraction
## 🚨 Incident Response
From detection to containment to documentation: a complete IR workflow.
You'll learn:
- Case management
- Evidence collection
- Containment procedures
- Report generation
- Timeline creation
## 🔍 Threat Hunting
Proactively search for threats in your environment using threat intelligence.
You'll learn:
- IOC enrichment at scale
- Log searching and analysis
- File system hunting
- Process analysis
## 📊 Log Analysis
Find attack patterns in authentication and system logs.
You'll learn:
- Log parsing and statistics
- Brute force detection
- Password spraying detection
- Privilege escalation detection
## Quick Comparison
| Use Case | Time | Skill Level | Key Modules |
|---|---|---|---|
| Phishing Investigation | 15-30 min | Beginner | phishing, intel |
| Malware Triage | 15-30 min | Intermediate | malware, file |
| Incident Response | 1-4 hours | Advanced | ir, report, intel |
| Threat Hunting | 1-2 hours | Intermediate | intel, logs, system |
| Log Analysis | 30-60 min | Beginner | logs |
## What's Next?
After working through these use cases, check out:
- Module Reference - Deep dive into each module
- Examples - More command examples
- CLI Reference - Complete command reference