In this lab the student will learn how to configure and securely run Splunk Enterprise, a platform for collecting and analyzing security information. The objective of the lab is to deploy multiple Splunk data forwarders through a deployment server and analyze the logs received from the forwarding servers. The student will write custom scripts to generate logs, create both visual and textual reports, organize these reports into a single dashboard, and learn to recognize malicious activity in the collected data.
Prerequisites
Intermediate understanding of networking concepts and services (TCP/IP, SSH, etc.) and a basic understanding of shell scripting in bash (Linux) and PowerShell (Windows). Familiarity with the Linux and Windows environments, command line tools, and text editors (vi, vim, nano, or emacs) is also required.
Expected Duration
2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: Enterprise Instructional Labs
- Essential Tools for Cybersecurity
- Network Monitoring and Reconnaissance Package
- Law Enforcement/Counterintelligence Forensics Analyst 2
- Cyber Defense Forensics Analyst 2
- System Administrator 2
- Vulnerability Assessment Analyst 2
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
