Incident handling with Splunk
THM Room: Incident handling with Splunk

Introduction

What?

Incident handling: investigating a compromise in Splunk by reconstructing what the attacker did, one attack phase at a time.

Why?

Understanding how an attack unfolded makes it possible to stop it, defend against it, and prevent it from recurring more effectively.

How?

Work through the attack phase by phase, following the Cyber Kill Chain as the room presents it:

  • I am really not batman
  • Reconnaissance phase
  • Exploitation phase
  • Installation phase
  • Action on objectives
  • Command and control phase
  • Weaponisation phase
  • Delivery phase

Unseen University, 2023, with a forest garden fostered by /ut7.