Navigation

Splunk Bar

When you access Splunk, you will see the default home screen:

Splunk Home screen (image): the top panel is the Splunk Bar.

In the Splunk Bar, you can see system-level messages (Messages), configure the Splunk instance (Settings), review the progress of jobs (Activity), miscellaneous information such as tutorials (Help), and a search feature (Find).

Apps Panel

In this panel, you can see the apps installed for the Splunk instance. The default app for every Splunk installation is Search & Reporting.

Explore Splunk

The next section is Explore Splunk. This panel contains quick links to add data to the Splunk instance, add new Splunk apps, and access the Splunk documentation.

Splunk Dashboard

The last section is the Home Dashboard. By default, no dashboards are displayed. You can choose from a range of dashboards readily available within your Splunk instance. You can select a dashboard from the dropdown menu or by visiting the dashboards listing page.

You can also create dashboards and add them to the Home Dashboard. The dashboards you create can be viewed separately from the other dashboards by clicking on the Yours tab.

Unseen University, 2023, with a forest garden fostered by /ut7.