Skip to content
Back

// Incident response

Incident Dossier & Alert Triage

From an alert, log, suspicious email or unusual IP/domain, we create a structured security dossier: identified indicators, optional enrichment, severity assessment, structured classification and a documentable report. The analysis is passive; points that cannot be substantiated are marked as assumptions.

What it is for

You have an alert, a log excerpt, a suspicious email or an unusual IP or domain — but no capacity to structure it. We turn that raw signal into a clear dossier: indicators extracted from your input, an optional passive enrichment from publicly verifiable sources, and a clear severity assessment.

What the dossier contains

  • Identified indicators (IP, domain, email, file hash, CVE) from your input
  • Optional enrichment from publicly verifiable sources
  • Severity assessment with a documented rationale
  • structured classification of typical attack and abuse patterns where supported by evidence
  • Separation: substantiated observation vs. assumption

The assessment is a technical review of the submitted input. Points that cannot be substantiated are marked as assumptions, not presented as a confirmed attack.

Our limits

  • Fully passive — no active testing of third-party systems
  • No live access to suspicious targets and no execution of malicious code
  • Optional enrichment, no exhaustive data
  • No automated final verdict — unclear points are reviewed manually
  • Not legal advice and no forensic evidence preservation
  • No guarantee of success or completeness

What you receive

  • A clear SKOPION dossier with prioritised indicators
  • Severity, structured classification and recommended next steps
  • Clear separation of substantiated observations and assumptions
  • A format for internal documentation (optionally as PDF)
  • Optional recurring observation (managed assessment)

Confidential enquiry

Send us the alert, log excerpt or the unusual IP/domain. We define the scope together — discreet and non-binding.

Get in touch

Passive analysis of publicly verifiable indicators. No active testing of third-party systems, no legal advice, no guarantee of success or completeness.