Splunk: Setting up a SOC Lab

Premium room

Set up a Splunk lab and ingest logs with the Universal Forwarder.

medium · 60 min · 17,733

A few weeks ago, Jasmine, the owner of Coffely (a fictitious coffee company), reported a data breach in which her secret recipe was stolen by an insider from the IT department. Thanks to the Forensics team, the culprit was quickly identified and the recipe was recovered.

Now, Jasmine wants to build an in-house SOC to continuously monitor critical logs and detect threats early. She has enlisted your help to set up Splunk locally, integrating logs from a host and the Coffely web server to build a centralized monitoring capability.

Objectives

  • Learn how to install Splunk and the Universal Forwarder on a host
  • Explore Splunk configuration via the command line
  • Understand how to ingest system and web logs into Splunk

Prerequisites

About the Lab

In this lab, you'll work in a local environment to install and configure Splunk, integrate key log sources, and forward data from system files and a web server. By the end, you'll have a working setup for centralized log monitoring using Splunk.
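The objectives and the lab description above both come down to one thing on the forwarder side: telling the Universal Forwarder which files to tail and which indexer to send them to. The script below is an added example, not part of the TryHackMe room; it writes the two files a Universal Forwarder reads for that purpose, inputs.conf (one monitor stanza per log file) and outputs.conf (the receiving indexer), and runs a quick sanity check before you would restart the forwarder. The indexer address, the log paths, and the index and sourcetype names are assumptions chosen for illustration; on a real host the files belong in $SPLUNK_HOME/etc/system/local/.

```shell
#!/bin/sh
# Added example (not the room's own material): generate Universal Forwarder
# config that ships a host's system log and a web server's access log to a
# Splunk indexer. Every path and address here is an assumed placeholder.

INDEXER="${INDEXER:-10.0.0.5:9997}"                       # assumed indexer host:port (9997 is Splunk's default receiving port)
SYSLOG_PATH="${SYSLOG_PATH:-/var/log/syslog}"             # assumed system log location
WEBLOG_PATH="${WEBLOG_PATH:-/var/log/apache2/access.log}" # assumed web server access log

# write_uf_config <dir>: write inputs.conf and outputs.conf into <dir>.
# The [monitor://<path>] stanza tails a file; index/sourcetype control where
# events land and how they are parsed. [tcpout] names the indexer group.
write_uf_config() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/inputs.conf" <<EOF
# Tail the host's system log into the "linux" index
[monitor://$SYSLOG_PATH]
index = linux
sourcetype = syslog
disabled = false

# Tail the web server's access log into the "web" index
[monitor://$WEBLOG_PATH]
index = web
sourcetype = access_combined
disabled = false
EOF
    cat > "$dir/outputs.conf" <<EOF
# Forward everything to the indexer group defined below
[tcpout]
defaultGroup = soc_indexers

[tcpout:soc_indexers]
server = $INDEXER
EOF
}

# check_uf_config <dir>: sanity check before restarting the forwarder.
# Every monitor stanza must name an index, and outputs.conf must point at
# a host:port. Returns 0 on success, 1 on any problem.
check_uf_config() {
    dir="$1"
    monitors=$(grep -c '^\[monitor://' "$dir/inputs.conf")
    indexes=$(grep -c '^index = ' "$dir/inputs.conf")
    [ "$monitors" -gt 0 ] || return 1
    [ "$monitors" -eq "$indexes" ] || return 1
    grep -q '^server = .*:[0-9][0-9]*$' "$dir/outputs.conf" || return 1
    return 0
}

# Stand-alone run: write into a scratch directory and validate it.
OUT="${TMPDIR:-/tmp}/uf_demo"
write_uf_config "$OUT"
if check_uf_config "$OUT"; then
    echo "Universal Forwarder config written to $OUT"
fi
```

The same stanzas can be produced interactively with the forwarder's CLI (`splunk add monitor <path> -index <index> -sourcetype <sourcetype>` and `splunk add forward-server <host>:<port>`); writing the files directly is useful when you want the configuration reviewable and repeatable across hosts. Whichever route you take, confirm the indexer is actually listening on the receiving port before blaming the forwarder for missing events.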

Answer the questions below

I understand the learning objectives and am ready to set up a SOC lab!
