
Splunk for Security Investigation: Command and Control Analysis

Network data, such as firewall, web proxy, or NetFlow logs, contains detailed records of all activity between users and hosts, since the network is the medium for all device communication. In this exercise, you will learn how to detect web proxy traffic anomalies that could indicate command and control activity. Watch the video, then try it yourself by following <a href="http://si_usecase_02.splunkoxygen.com/en-US/account/insecurelogin?username=splunk&password=splunk&return_to=%2Fen-US%2Fapp%2FOLE_Security_Endpoint%2Fsec_search_01?tour=gs_main_intro">these instructions</a> with this <a href="http://si_usecase_02.splunkoxygen.com/en-US/account/insecurelogin?username=splunk&password=splunk&return_to=%2Fen-US%2Fapp%2FOLE_Security_Endpoint%2Fsearch%3Fq%3Dsourcetype%3Dxmlwineventlog%3Amicrosoft-windows-sysmon%2Foperational%2520EventCode%3D1%2520%26display.page.search.mode%3Dverbose%26display.general.type%3Devents%26display.visualizations.charting.chart%3Dcolumn%26display.page.search.tab%3Devents%26display.visualizations.charting.layout.splitSeries%3D1%26display.events.type%3Draw%26display.prefs.timeline.minimized%3Dfalse%26tour%3Dusecase_01_sec_01%26earliest%3D0%26latest%3D">online Splunk instance</a> pre-loaded with security data. Already using Splunk? Download the <a href="https://splunkbase.splunk.com/app/3358/">Getting Started with Splunk Security App</a> to get demo data and follow along with the scenarios.

Video "Splunk for Security Investigation: Command and Control Analysis" from the Splunk channel
Video information
March 7, 2017, 3:18:12
00:06:18