As an analyst, it’s important to be able to investigate different types of suspicious activity across a variety of assets in the environment. Knowing what to look for and which details matter most during an investigation is a key part of the role.
Learning Objectives
- Learn how to properly investigate alerts in an environment.
- Understand how to investigate brute-force attacks on systems.
- Discover the mechanism on Windows systems.
- Analyse a web shell on a vulnerable web server.
- Learn how to investigate alerts for three given scenarios using Splunk.
Room Prerequisites
It is suggested to complete the following rooms first before proceeding:
Lab Access
Before proceeding, start the lab by clicking the Start Machine button below. You will then have access to the Web Interface.
To access Splunk, please follow this link: https://LAB_WEB_URL.p.thmlabs.com. Please wait 4-5 minutes for the instance to launch. Use Splunk's All Time range to search. The indexes where logs are stored for each practical exercise are listed in each task.
The Alert Triage With Splunk room is only available for premium users.