Blue team

An investigation with Splunk + CKC

Red team
Green team
Purple team
Ty Myrddin

Initializing search

Blue team

Going places
Going places
- Blue team @SOC
  Blue team @SOC
  - Network traffic analysis (NTA)
  - Digital forensics and incident response (DFIR)
  - Endpoint detection and response (EDR)
  - Security information and event management (SIEM)
    
    Security information and event management (SIEM)
    
    SIEM and threat intelligence/hunting notes
    
    An investigation with Splunk + CKC
    
    An investigation with Splunk + CKC
    
    Splunk investigation walkthrough
    
    I am really not batman
    
    Reconnaissance phase
    
    Exploitation phase
    
    Installation phase
    
    Action on objectives
    
    Command and control phase
    
    Weaponisation phase
    
    Delivery phase
    
    An investigation with Splunk + CKC An investigation with Splunk + CKC
    Table of contents
    
    Splunk investigation walkthrough
    
    I am really not batman
    
    Reconnaissance phase
    
    Exploitation phase
    
    Installation phase
    
    Action on objectives
    
    Command and control phase
    
    Weaponisation phase
    
    Delivery phase
    
    TryHackMe rooms
    
    Puzzles @Cyberdefenders
    
    Boss of the SOC v2
    
    Big-Picture view of current real-world attacks
    
    Security Detectors for Wazuh (Mock Mode) @GitHub
- Blue team for dev
- Blue team @Home

An investigation with Splunk + CKC¶

The only marathon where the finish line is a .conf file.

Splunk investigation walkthrough
I am really not batman
Reconnaissance phase
Exploitation phase
Installation phase
Action on objectives
Command and control phase
Weaponisation phase
Delivery phase

Last update: 2025-05-12 14:39

Previous Threat hunting

Next Splunk investigation walkthrough

© Copyright 2025, TyMyrddin.

Created using Sphinx 7.2.6. and Sphinx-Immaterial

Made with love in the Unseen University, 2025, with a forest garden fostered by /ut7