Fast threat detection & remediation

Incident Response

What happened, how it happened and how to resolve it

Our team will perform a comprehensive forensic and log analysis to identify what happened, how it happened and the best course of action to resolve the breach. We will work with your organisation and any incident response procedures that are in place to provide assistance (Annual IR retainer options available).

Forensic & Log Analysis

Our team will perform a comprehensive forensic and log analysis to identify what happened, and how it happened.


Enable your business to access the technical resources required to respond to a breach in an agreed timeframe.

Timeline-based reports

All findings are documented in a timeline-based report detailing each finding and the recommended remediation actions.

SIEM Integration

We use industry-leading SIEM software to detect and analyse threats

Our team has extensive experience with a wide array of industry-leading SIEM platforms and is ready to assist you with everything from a brand new implementation through to specific use case integrations.


A SIEM (Security Information and Event Management) service centralises logs within an environment for both security monitoring & incident response purposes.


We will design and implement an effective SIEM tailored to your business.


We will identify key areas in which to mature the effectiveness of your SIEM's detection capabilities.

Case Studies
The Problem

Events and logs are not monitored to detect attacks

While most businesses have numerous security controls in place, the events and logs from these sources are not centralised, correlated or monitored to detect various stages of a cyber-attack.
The Solution

Alchemy identifies critical assets and designs a SIEM

Alchemy worked with key stakeholders to identify business-critical assets, information and processes. Using this information, a SIEM was designed and implemented to centralise logs and events while enabling the business to proactively correlate and identify threats within all tiers of their environment.

The Impact

Effective identification and defence against attack

This gave the business granular visibility across their environment, enabling them to proactively identify and defend their business against advanced attacks.

Product Used

Splunk was used to mature defensive capabilities

Splunk is still considered the industry-standard SIEM product on the market; we have utilised the flexibility of this product across a wide range of customers to dramatically mature their defensive capabilities.


They understood emerging technology and threats

AlchemySec is my go-to Cyber Security Consultancy, Every. Time. They are quick to answer an email for the “easy” questions, or give you the detail you need to convey an issue to a client. Having worked in both the Enterprise space, as well as the Small-to-Medium business, they understand what you are trying to achieve and know how to get the job done. I can’t recommend them highly enough.

How It Works

Our Unique Process, Developed Over 10 Years

Alchemy Security Consulting Pty Ltd provides a broad range of security assessment services to assist our customers in identifying vulnerabilities and maturing their defensive capabilities.


The scope will define the objectives, constraints, scheduling and reporting requirements for the assessment.

Assessment Execution

We will execute the assessment in line with the agreed scope.


All findings will be documented in a risk-prioritised report detailing each finding and the recommended actions.

Remediation Testing

A retest of key findings is performed to validate that remediation actions by the customer have successfully mitigated identified vulnerabilities without introducing further vulnerabilities or risks.

The Benefits


Both SIEM and incident response processes prepare and enable your business to detect, mitigate and eradicate threats both proactively and reactively.


A well implemented SIEM allows you to proactively detect and defend against cyber attacks.


Performing incident response allows us to identify and limit the impact of a cyber attack against your business.


A SIEM will identify which security controls are providing the most value to your business, allowing you to mature your defensive capabilities more strategically.


An incident response retainer gives your business the peace of mind that should an incident occur, we have the resources available to quickly react and reduce the impact.

Frequently Asked Questions

Still got questions? Contact us
What is incident response?
This reactive service allows a business to identify the extent of a breach, respond appropriately to eradicate a threat actor, and report on the extent of the breach.

Further to that, it also gives the business an opportunity to look at lessons learnt and mature their internal incident response procedures.
What is a SIEM (Security Information and Event Management)?
A SIEM platform allows you to centralise all of your security information and events, gathering all relevant logs from within your environment and implementing monitoring strategies to alert and report on threats within your environment.
How long does it take to complete an incident response engagement?
Incident response assessments vary in duration depending on the motives and capabilities of the threat actor. Generally these engagements involve a minimum of 5 days of hands-on time, followed by 2-4 weeks of monitoring to ensure the threat actor has been eradicated.
What is an incident response retainer?
By engaging our Incident Response services on a retainer you can ensure that in the case of a breach, we are prepared with resources on hand to respond appropriately and protect your business.

Our retainers are tailored to your requirements and allow you to maximise the return on investment by allowing you to utilise your retainer to consume other services through us such as penetration testing or architecture reviews.


Recent Posts

Detecting and defending against advanced persistent threats, utilising the latest industry-leading tools and techniques to strengthen and mature your security posture.

Conti Group - Tooling, Leaks and Russian FSB Ties

The Conti group have been featured across many news outlets lately both inside and outside the cyber security community. It is well known that this specific threat actor is mainly…

Yes, Local Administrators ARE a Risk

Modern environments are in a constant state of flux; new systems are being commissioned, and old systems decommissioned, to meet new requirements and increase efficiency in all sectors. Managing those…

OSINT for Penetration Testers

Part of performing an effective and successful penetration test requires gathering as much information about the target as possible. The more information you have on your target, the more likely…

CONTI Group - The not so advanced APT

Recently in the news it was revealed that a member of an “APT” group that utilises the “Conti” ransomware became disgruntled at the state of their relationship with the group…

Hidden Cobra - Uncovering the North Korean APT

Advanced persistent threats come in many forms ranging from your crime groups, activists all the way through to your state sponsored groups. While some of these threat actors such as…

Please Sign Here - Why NTLM Relaying Is Still a Risk in 2021

The Windows Name Resolution Flow: You may be under the impression that turning host names into IP addresses is simple. You check the Hosts file, then your system’s DNS (Domain Name System) resolver. That’s it, right? If you don’t…

The benefits of Red Teaming

Red teaming is not a new concept within the cyber security community. However, in Australia, Red Teaming is a relatively new term for most organisations. In this blog post we'll…

Stealing Password Reset Tokens for Fun and Profit

When adding a “Password Reset” function to your application it is especially important to ensure this has the same security considerations as any other critical function within the application. Due…

MITRE ATT&CK Framework Primer

The MITRE ATT&CK framework is a fairly familiar term within the Cyber Security industry. It has quickly evolved from a niche framework to the core of many security operation centers…