This room covers an incident handling scenario using Splunk. From a security perspective, an incident is defined as: "Any event or action, that has a negative consequence on the security of a user/computer or an organization is considered a security incident." Below are a few of the events that would negatively affect the environment when they occur:
- Crashing the system
- Execution of an unwanted program
- Access to sensitive information from an unauthorized user
- A Website being defaced by the attacker
- The use of USB devices in violation of a company policy that restricts their usage

- Learn how to leverage sites during an investigation
- How to map the attacker's activities to Cyber Kill Chain phases
- How to utilize effective searches to investigate logs
- Understand the importance of host-centric and network-centric log sources
Room Prerequisites
Before going through this room, participants are expected to have a basic understanding of Splunk. If not, consider going through this room first: Splunk 101 (https://tryhackme.com/jr/splunk101).
It is good to understand the following before completing this lesson:
- Splunk overview and basic navigation
- Important Queries
- Know how to use different functions/values to craft a search query
- How to look for interesting fields
