Look Ma, No Computer: Crowdsourced Incident Response


Presented at BSidesOttawa 2014 by

The presentation will focus on answering the questions that your tier-1 SOC operator is faced with on a daily basis: Is this website/e-mail malicious? If it is malicious, what is it exploiting (are we exposed)? What can we do to protect ourselves? We will review the on-line tools that are currently available (such as passivetotal, webpulse, showmycode, base64decode) to triage potential incidents and to answer the above questions. The target audience is SOC team members, junior incident responders, and the occasional senior incident responder who is forced to work in an environment where they don’t have access to the OS tools of their choice.