Skip to main content

Blog

Incident Handling With Splunk / Splunk 201 (TryHackMe Walkthrough)

Learn to use Splunk for incident handling through interactive scenarios. #

Room: https://tryhackme.com/r/room/splunk201

Learning Objectives and Pre-requisites

Before going through this room, it is expected that the participants will have a basic understanding of Splunk. If not, consider going through this room, Splunk 101 (https://tryhackme.com/jr/splunk101).
  • Learn how to leverage OSINT sites during an investigation
  • How to map Attacker's activities to Cyber Kill Chain Phases
  • How to utilize effective Splunk searches to investigate logs
  • Understand the importance of host-centric and network-centric log sources
Task 1 Introduction: Incident Handling

Q: Read the above and continue to the next task.
Answer: No answer needed

Splunk Basics / Splunk 101 (TryHackMe Walkthrough)

Room Link: https://tryhackme.com/room/splunk101

Learning Objectives and Pre-requisites

If you are new to SIEM, please complete the Introduction to SIEM. This room covers the following learning objectives:
  • Splunk overview
  • Splunk components and how they work
  • Different ways to ingest logs
  • Normalization of logs
Task 1 Introduction
Splunk is one of the leading SIEM solutions in the market that provides the ability to collect, analyze and correlate the network and machine logs in real-time. In this room, we will explore the basics of Splunk and its functionalities and how it provides better visibility of network activities and help in speeding up the detection.

Continue with the next task.

Deploy and Configure Azure Firewall and Rules to Allow/Deny Access to Certain Websites

·17 mins

Deploy and Configure Azure Firewall and Rules to Allow/Deny Access to Certain Websites #

Fig.1 - Azure Premium Firewall Diagram | Image Source: Microsoft.com

The Azure Firewall is a fully managed cloud-native service that provides network security to protect your Azure virtual network resources. The service offers built-in high availability, unrestricted scalability, threat intelligence-based filtering, logging and monitoring, and many more features and capabilities.