Splunk for Security Investigation: Command and Control Analysis
Network data, such as firewall, web proxy, or NetFlow logs, contains detailed records of all activity between users and hosts, since the network is the medium for all device communication. In this exercise you will learn how to detect web proxy traffic anomalies that could indicate command and control activity. Watch the video, then try it yourself by following <a href="http://si_usecase_02.splunkoxygen.com/en-US/account/insecurelogin?username=splunk&password=splunk&return_to=%2Fen-US%2Fapp%2FOLE_Security_Endpoint%2Fsec_search_01?tour=gs_main_intro">these instructions</a> on this <a href="http://si_usecase_02.splunkoxygen.com/en-US/account/insecurelogin?username=splunk&password=splunk&return_to=%2Fen-US%2Fapp%2FOLE_Security_Endpoint%2Fsearch%3Fq%3Dsourcetype%3Dxmlwineventlog%3Amicrosoft-windows-sysmon%2Foperational%2520EventCode%3D1%2520%26display.page.search.mode%3Dverbose%26display.general.type%3Devents%26display.visualizations.charting.chart%3Dcolumn%26display.page.search.tab%3Devents%26display.visualizations.charting.layout.splitSeries%3D1%26display.events.type%3Draw%26display.prefs.timeline.minimized%3Dfalse%26tour%3Dusecase_01_sec_01%26earliest%3D0%26latest%3D">online Splunk instance</a> pre-loaded with security data. Already using Splunk? Download the <a href="https://splunkbase.splunk.com/app/3358/">Getting Started with Splunk Security App</a> to get demo data and follow along with the scenarios.
Video "Splunk for Security Investigation: Command and Control Analysis" from the Splunk channel