// Incident response
Incident Dossier & Alert Triage
From an alert, log, suspicious email or unusual IP/domain, we create a structured security dossier: identified indicators, optional enrichment, severity assessment, structured classification and a documentable report. The analysis is passive; points that cannot be substantiated are marked as assumptions.
What it is for
You have an alert, a log excerpt, a suspicious email or an unusual IP or domain — but no capacity to structure it. We turn that raw signal into a clear dossier: indicators extracted from your input, an optional passive enrichment from publicly verifiable sources, and a clear severity assessment.
What the dossier contains
- Identified indicators (IP, domain, email, file hash, CVE) from your input
- Optional enrichment from publicly verifiable sources
- Severity assessment with a documented rationale
- structured classification of typical attack and abuse patterns where supported by evidence
- Separation: substantiated observation vs. assumption
The assessment is a technical review of the submitted input. Points that cannot be substantiated are marked as assumptions, not presented as a confirmed attack.
Our limits
- Fully passive — no active testing of third-party systems
- No live access to suspicious targets and no execution of malicious code
- Optional enrichment, no exhaustive data
- No automated final verdict — unclear points are reviewed manually
- Not legal advice and no forensic evidence preservation
- No guarantee of success or completeness
What you receive
- A clear SKOPION dossier with prioritised indicators
- Severity, structured classification and recommended next steps
- Clear separation of substantiated observations and assumptions
- A format for internal documentation (optionally as PDF)
- Optional recurring observation (managed assessment)
Confidential enquiry
Send us the alert, log excerpt or the unusual IP/domain. We define the scope together — discreet and non-binding.
Get in touchPassive analysis of publicly verifiable indicators. No active testing of third-party systems, no legal advice, no guarantee of success or completeness.