Monitoring
Incident Handling With Splunk / Splunk 201 (TryHackMe Walkthrough)
Learn to use Splunk for incident handling through interactive scenarios. #
Learning Objectives and Pre-requisites
Before going through this room, it is expected that the participants will have a basic understanding of Splunk. If not, consider going through this room, Splunk 101 (https://tryhackme.com/jr/splunk101).- Learn how to leverage OSINT sites during an investigation
- How to map Attacker's activities to Cyber Kill Chain Phases
- How to utilize effective Splunk searches to investigate logs
- Understand the importance of host-centric and network-centric log sources
Task 1 Introduction: Incident Handling
Q: Read the above and continue to the next task.
Answer: No answer needed
Splunk Basics / Splunk 101 (TryHackMe Walkthrough)
Room Link: https://tryhackme.com/room/splunk101
Learning Objectives and Pre-requisites
If you are new to SIEM, please complete the Introduction to SIEM. This room covers the following learning objectives:- Splunk overview
- Splunk components and how they work
- Different ways to ingest logs
- Normalization of logs
Task 1 Introduction
Splunk is one of the leading SIEM solutions in the market that provides the ability to collect, analyze and correlate the network and machine logs in real-time. In this room, we will explore the basics of Splunk and its functionalities and how it provides better visibility of network activities and help in speeding up the detection.Continue with the next task.