Skip to main content

Log Management

Incident Handling With Splunk / Splunk 201 (TryHackMe Walkthrough)

Learn to use Splunk for incident handling through interactive scenarios. #

Room: https://tryhackme.com/r/room/splunk201

Learning Objectives and Pre-requisites

Before going through this room, it is expected that the participants will have a basic understanding of Splunk. If not, consider going through this room, Splunk 101 (https://tryhackme.com/jr/splunk101).
  • Learn how to leverage OSINT sites during an investigation
  • How to map Attacker's activities to Cyber Kill Chain Phases
  • How to utilize effective Splunk searches to investigate logs
  • Understand the importance of host-centric and network-centric log sources
Task 1 Introduction: Incident Handling

Q: Read the above and continue to the next task.
Answer: No answer needed

Splunk Basics / Splunk 101 (TryHackMe Walkthrough)

Room Link: https://tryhackme.com/room/splunk101

Learning Objectives and Pre-requisites

If you are new to SIEM, please complete the Introduction to SIEM. This room covers the following learning objectives:
  • Splunk overview
  • Splunk components and how they work
  • Different ways to ingest logs
  • Normalization of logs
Task 1 Introduction
Splunk is one of the leading SIEM solutions in the market that provides the ability to collect, analyze and correlate the network and machine logs in real-time. In this room, we will explore the basics of Splunk and its functionalities and how it provides better visibility of network activities and help in speeding up the detection.

Continue with the next task.