ELK

  • Introduction
    • What?
    • Why?
    • How?
  • Elastic stack
    • Components
    • Data flow
    • Resources

Splunk basics

  • Introduction
    • What?
    • Why?
    • How?
  • Components
    • Splunk forwarder
    • Splunk indexer
    • Search head
  • Navigation
    • Splunk Bar
    • Apps Panel
    • Explore Splunk
    • Splunk Dashboard
  • Adding data
    • More rooms

Splunk incident handling

  • Introduction
    • What?
    • Why?
    • How?
  • I am really not batman
    • Cyber Kill Chain
  • Reconnaissance phase
    • Questions
  • Exploitation phase
    • Count
    • Questions
    • Extracting username and passwd fields using Regex
    • Questions
  • Installation phase
    • Was this file executed on the server after being uploaded?
    • Questions
  • Action on objectives
    • Questions
  • Command and control phase
    • Questions
  • Weaponisation phase
    • Questions
  • Delivery phase
    • OSINT sites
    • Questions

Challenges

  • Introduction
    • What?
    • Why?
    • How?
  • ItsyBitsy
    • Scenario
    • Questions
  • Investigating with Splunk
    • Questions
  • Benign
    • Questions

Boss of the SOC v2

  • Introduction
    • What?
    • Why?
    • How?
  • Data dive
    • BOTSv2 Dataset
    • Persona
    • Events
    • Resources
  • Web activity investigation
  • Detecting SQL and XSS web application attacks
  • USB attack investigation
  • Investigating FTP

Security information and event management

Notes on security information and event management (SIEM) and on the search queries used to look for specific answers in the ingested logs.

ELK

  • Introduction
  • Elastic stack

Splunk basics

  • Introduction
  • Components
  • Navigation
  • Adding data

Splunk incident handling

  • Introduction
  • I am really not batman
  • Reconnaissance phase
  • Exploitation phase
  • Installation phase
  • Action on objectives
  • Command and control phase
  • Weaponisation phase
  • Delivery phase

Challenges

  • Introduction
  • ItsyBitsy
  • Investigating with Splunk
  • Benign

Boss of the SOC v2

  • Introduction
  • Data dive
  • Web activity investigation
  • Detecting SQL and XSS web application attacks
  • USB attack investigation
  • Investigating FTP

Unseen University, 2023, with a forest garden fostered by /ut7.