Disclaimer: This writeup is based on a Capture The Flag (CTF) challenge hosted on TryHackMe and it is intended for educational purposes only.

The Report Writing (SOC Level 2) room on TryHackMe focuses on developing the essential skills needed to create clear, professional security reports in a Security Operations Center (SOC) environment. It teaches how to document incidents, structure findings, and communicate technical details effectively to both technical and non-technical audiences. Through practical tasks, learners gain experience in summarizing investigations, presenting evidence, and producing actionable reports, an essential skill for real-world incident response and cybersecurity roles.

Task 1 Introduction

Let's go!

No answer needed

Task 2 L1 vs L2 Communication

Which SOC tier, L1 or L2, bridges the SOC and the outside world?

L2

What do L2 analysts write to summarize SOC findings (one word)?

Reports

Task 3 Leadership Communication

Should you complete the analysis after sharing the initial SOC report? (Yea/Nay)

Yea

Should you keep your team informed about the ongoing communication? (Yea/Nay)

Yea

What flag did you receive after completing the task's challenge?

THM{executive_summary_approved}

Task 4 SOC/DFIR Communication

Are L2 handover notes meant for a non-technical audience? (Yea/Nay)

Nay

What part of the handover notes lists your findings chronologically?

Attack Timeline

What flag did you receive after completing the task's challenge?

THM{trysaveme_would_be_proud}

Task 5 Responsible AI Usage

What should you provide in the AI prompt to get the best reports?

Context

Should you fully rely on GenAI for critical decision making? (Yea/Nay)

Nay

Task 6 Conclusion

Complete the room!

No answer needed