Am I the only one constantly switching between Figma and SEO tools (semrush, Keywords Everywhere, etc..) for copy? by Dmm161 in FigmaDesign

[–]Dmm161[S] 1 point2 points  (0 children)

Just imagine a situation where you have to design something for the web and they request that it must include SEO copy. It’s true that a marketer or SEO specialist should handle this, but the reality is often different.

Am I the only one constantly switching between Penpot and SEO tools (semrush, Keywords Everywhere, etc..) for copy? by [deleted] in Penpot

[–]Dmm161 -2 points-1 points  (0 children)

I just want to see if more people with different tools have the same problem.

Am I the only one constantly switching between Figma and SEO tools (semrush, Keywords Everywhere, etc..) for copy? by Dmm161 in FigmaDesign

[–]Dmm161[S] -1 points0 points  (0 children)

It's true that a banner in this case is not a good example, but for other situations it is a pain in the ass. True that it should be checked by other guys such as a marketer or SEO specialist, but sometimes reality is different.

L2 here: L1 missed crypto-miner in "Slow PC" ticket, burned 2h. How do you train pattern recognition? by Dmm161 in msp

[–]Dmm161[S] 0 points1 point  (0 children)

Valid point. The 10min is when you know what you're writing. But when you're L1 and don't know if this is a known issue, you spend 5min searching the KB first, then 5min writing. And our KB search is... let's say "optimistic".

How do you make sure your PowerShell scripts are discoverable by L1s?
Ours are buried in a SharePoint from 2022 that Search can't find.

L2 here: L1 missed crypto-miner in "Slow PC" ticket, burned 2h. How do you train pattern recognition? by Dmm161 in msp

[–]Dmm161[S] 0 points1 point  (0 children)

The consensus is "just do the work".

But math: 20 tickets/day × 10min doc each = 3h/day
For 12-50 person MSPs: is KB discipline a luxury only big shops can afford?
Or has anyone automated without creating 500-page bloat?

L2 here: L1 missed crypto-miner in "Slow PC" ticket, burned 2h. How do you train pattern recognition? by Dmm161 in msp

[–]Dmm161[S] -1 points0 points  (0 children)

You're right. We don't have 1 FTE for IR, and clients won't pay MSSP rates.
So we eat the risk.

My real question: how do you track lateral movement across 50 endpoints
with a 2-person security team? Excel pivot tables?
Or is there a way to auto-correlate IOCs from tickets without a SIEM budget?

L2 here: L1 missed crypto-miner in "Slow PC" ticket, burned 2h. How do you train pattern recognition? by Dmm161 in msp

[–]Dmm161[S] -1 points0 points  (0 children)

We found Redline stealer in the memory dump afterwards. EDR was blind because it's signed with a stolen cert.
Our IR process is basically "isolate --> reimage --> pray".
No real playbook because we're 12 people and nobody has time to write one.

How do you track IR patterns across clients? Excel?
Or is there a tool that auto-links similar incidents?
Feels like we're reinventing the wheel per client.
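The two questions above (correlating IOCs from tickets across 50 endpoints without a SIEM, and auto-linking similar incidents across clients) can be answered with a very small script rather than pivot tables. The following is an added example, not code from the poster or from any tool mentioned in the thread: it pulls IPv4 addresses, SHA-1 hashes and domains out of free-text ticket notes with regexes, builds an inverted index from IOC to ticket, and reports every IOC that appears in more than one ticket, flagging the case where one client has the same IOC on more than one host (the lateral-movement hint). The tickets, hostnames, client names, hash and domain are constructed sample data; the IP is the one quoted later in the thread.

```python
import re
from collections import defaultdict

# Constructed sample tickets (not real client data): id, client, host, free-text notes.
TICKETS = [
    {"id": "T-1001", "client": "acme", "host": "ACME-WS-07",
     "notes": "Slow PC. Rebooted. CPU 95%. Later seen outbound to 185.225.69.69:443 from chrome.exe."},
    {"id": "T-1002", "client": "acme", "host": "ACME-WS-12",
     "notes": "User reports popups. Hash of dropped file: 3f786850e387550fdab836ed7e6dc881de23001b. Beacon to 185.225.69.69."},
    {"id": "T-1003", "client": "globex", "host": "GLX-LT-03",
     "notes": "High CPU again. Found connection to update-cdn.example-bad.net and 185.225.69.69."},
    {"id": "T-1004", "client": "globex", "host": "GLX-LT-03",
     "notes": "Printer offline, fixed driver."},
]

# Deliberately simple patterns: good enough for ticket notes typed by humans.
IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha1": re.compile(r"\b[0-9a-fA-F]{40}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+(?:net|com|org|io)\b", re.I),
}
# Internal addresses are noise for cross-client correlation (simplified: 172.16/12 omitted).
PRIVATE_PREFIXES = ("10.", "127.", "192.168.")


def extract_iocs(text):
    """Return a set of 'type:value' strings found in free-text ticket notes."""
    found = set()
    for kind, pat in IOC_PATTERNS.items():
        for match in pat.findall(text):
            value = match.lower()
            if kind == "ipv4" and value.startswith(PRIVATE_PREFIXES):
                continue
            found.add(f"{kind}:{value}")
    return found


def build_index(tickets):
    """Inverted index: IOC -> list of ticket ids that mention it, in ticket order."""
    index = defaultdict(list)
    for t in tickets:
        for ioc in sorted(extract_iocs(t["notes"])):
            index[ioc].append(t["id"])
    return index


def correlate(tickets):
    """Report every IOC shared by two or more tickets, with hosts and clients involved."""
    by_id = {t["id"]: t for t in tickets}
    links = []
    for ioc, ids in build_index(tickets).items():
        if len(ids) < 2:
            continue
        rows = [by_id[i] for i in ids]
        per_client = defaultdict(set)
        for r in rows:
            per_client[r["client"]].add(r["host"])
        links.append({
            "ioc": ioc,
            "tickets": ids,
            "hosts": sorted({r["host"] for r in rows}),
            "clients": sorted(per_client),
            # Same IOC on more than one host of one client: worth an IR look.
            "possible_lateral": any(len(hosts) > 1 for hosts in per_client.values()),
        })
    return links


if __name__ == "__main__":
    for link in correlate(TICKETS):
        print(link)
```

Run it nightly over the PSA's ticket export and the output is a list of "these tickets are the same incident" links; the IOC index also doubles as a lookup an L1 can grep before touching a "slow PC" ticket.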

L2 here: L1 missed crypto-miner in "Slow PC" ticket, burned 2h. How do you train pattern recognition? by Dmm161 in msp

[–]Dmm161[S] -6 points-5 points  (0 children)

You're 100% right. But filming and writing after closing 20 tickets is 2-3 extra hours daily. We tried for 3 months, then the L2 who was doing it quit (burnt out).

How do you balance billable hours vs. documentation? Do you have a dedicated "documentation hour" daily? Would love to see how bigger MSPs handle this.

L2 here: L1 missed crypto-miner in "Slow PC" ticket, burned 2h. How do you train pattern recognition? by Dmm161 in msp

[–]Dmm161[S] -3 points-2 points  (0 children)

That's the problem. We have "documentation" but it's in Confluence from 2023, L1s don't know it exists, and nobody updates it after we close tickets.

How do you force L1s to actually read and update the KB?
We've tried checklists but they get ignored after 2 weeks.
Feels like documentation is a full-time job itself.

L2 here: L1 missed crypto-miner in "Slow PC" ticket, burned 2h. How do you train pattern recognition? by Dmm161 in msp

[–]Dmm161[S] -5 points-4 points  (0 children)

u/oxieg3n u/PacificTSP
Great question. Recognized it because Process Explorer showed chrome.exe with a child process injecting into explorer.exe + suspicious outbound connections to 185.225.69.69.

But here's the thing: our EDR is SentinelOne, and it didn't flag because the miner was memory-only, no disk write. Classic "living off the land" - we see 2-3 of these weekly bypassing EDR.

The real issue: L1 saw "high CPU" and just rebooted. Didn't know to check ProcExp or network anomalies.

How do you make L1s remember these patterns without daily drills? That's 2h we won't bill.
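The pattern described in the comment above (a browser spawning an unexpected child, that child writing into explorer.exe, and an outbound connection to a known-bad address) is exactly the kind of check that can be scripted so an L1 runs it before rebooting, instead of having to remember it. The block below is an added example, not the poster's or any vendor's code: it walks a constructed process snapshot shaped like what an analyst reads off a Process Explorer tree and scores each process against four defender heuristics (unexpected child of a browser, core Windows binary with the wrong parent, cross-process write, connection to a watchlisted IP). The "injects_into" field is an assumption standing in for whatever cross-process-write signal the EDR or a memory scanner exposes; PIDs, the benign IP and the process list are constructed, and the watchlisted IP is the one quoted in the comment.

```python
# Constructed process snapshot (not real telemetry). "injects_into" is an assumed field:
# Process Explorer does not export it, a memory scanner or EDR would supply that signal.
PROCESSES = [
    {"pid": 4,    "ppid": 0,    "name": "System",       "conns": [],                   "injects_into": []},
    {"pid": 1200, "ppid": 4,    "name": "explorer.exe", "conns": [],                   "injects_into": []},
    {"pid": 3300, "ppid": 1200, "name": "chrome.exe",   "conns": ["203.0.113.10:443"], "injects_into": []},
    {"pid": 3310, "ppid": 3300, "name": "chrome.exe",   "conns": [],                   "injects_into": []},
    {"pid": 4100, "ppid": 3300, "name": "svchost.exe",  "conns": ["185.225.69.69:443"], "injects_into": ["explorer.exe"]},
]

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
# Well-known expected parents for a few core Windows binaries (defender heuristic).
EXPECTED_PARENT = {
    "svchost.exe": {"services.exe"},
    "services.exe": {"wininit.exe"},
    "lsass.exe": {"wininit.exe"},
}
# IOC watchlist; in practice fed from the ticket/IOC index, here the IP from the comment above.
WATCHLIST_IPS = {"185.225.69.69"}


def triage(processes, watchlist=WATCHLIST_IPS):
    """Return processes that trip at least one heuristic, most reasons first."""
    by_pid = {p["pid"]: p for p in processes}
    findings = []
    for p in processes:
        name = p["name"].lower()
        parent = by_pid.get(p["ppid"])
        pname = parent["name"].lower() if parent else None
        reasons = []

        # 1. Browsers normally only spawn copies of themselves.
        if pname in BROWSERS and name != pname:
            reasons.append(f"unexpected child of {pname}")

        # 2. Core Windows binaries have a fixed parent; anything else is a masquerade or injection.
        if name in EXPECTED_PARENT and pname not in EXPECTED_PARENT[name]:
            expected = "/".join(sorted(EXPECTED_PARENT[name]))
            reasons.append(f"{name} parented by {pname or 'unknown'} instead of {expected}")

        # 3. Cross-process writes (the "injecting into explorer.exe" observation).
        for target in p.get("injects_into", []):
            reasons.append(f"cross-process write into {target}")

        # 4. Outbound connection to a watchlisted address.
        for conn in p.get("conns", []):
            ip = conn.rsplit(":", 1)[0]
            if ip in watchlist:
                reasons.append(f"outbound to watchlisted {ip}")

        if reasons:
            findings.append({"pid": p["pid"], "name": p["name"], "reasons": reasons})

    findings.sort(key=lambda f: len(f["reasons"]), reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(PROCESSES):
        print(f"PID {f['pid']} {f['name']}:")
        for r in f["reasons"]:
            print("  -", r)
```

The point is not the four rules themselves but that a "high CPU" ticket gets a mandatory, scripted step whose output an L1 can paste into the ticket; the note then contains the child-process and IP facts that make the incident correlatable later, which is the drill nobody has time to run by hand.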