Alert Name: SOC168 – Whoami Command Detected in Request Body Severity: High Event ID: 118 Event Time: Feb 28, 2022, 04:12 AM Category: Web Attack Play Book 1. Alert Overview A high-severity web attack alert was triggered on WebServer1004 due to the detection of the whoami command within the HTTP request body. This behavior is commonly associated with command injection attempts, where an attacker tries to execute system-level commands through a web application.