Threat Hunt Like a Pro in Splunk | Create Dynamic Dashboards to Hunt Host-Based Threats

Learn how to build a **Splunk threat hunting dashboard** that takes a hostname as input and surfaces critical security events instantly across multiple data sources. Whether you’re working in a SOC or just leveling up your cyber defense skills, this lab-style video shows you how to:

✅ Search DNS queries for a specific host
✅ Pull local authentication logs
✅ Identify top processes running on the host
✅ Analyze suspicious command line activity

We’ll create interactive dashboards step-by-step, making your threat hunting **faster, smarter, and more scalable**.

🎯 Ideal for:
- Threat hunters
- Blue teamers
- SOC analysts
- Splunk users looking to automate investigation workflows

💡 Ready to hunt smarter?
Don’t forget to **like, subscribe**, and turn on notifications for more practical Splunk and cybersecurity content every week!

Boss of the SOC (BOTS) v3 Data Set
https://github.com/splunk/botsv3

❓Today's Queries ($host$ is the dashboard's hostname text-input token)
✔️DNS Query
index=botsv3 host=$host$ protocol_stack="ip:udp:dns" source="stream:dns" "message_type{}"=QUERY "query_type{}"=A
| table host hostname{} _time

✔️Host Query (the OR must be in parentheses: AND binds tighter than OR in SPL, so without them every 4624 from every host is returned)
index=botsv3 (EventCode=4624 OR EventCode=4625) host=$host$
| dedup Account_Name
| table TaskCategory Account_Name EventCode

✔️Top Processes (Creator_Process_Name is the parent process in Windows 4688 process-creation events, so this ranks the parents that spawned processes on the host)
index=botsv3 host=$host$ AND Creator_Process_Name="*"
| stats count by Creator_Process_Name
| sort -count
| head 10
| eval process_label = Creator_Process_Name . " (" . count . ")"
| table process_label count

✔️Command Line Rare Events (rare must run on the raw events; after "stats count by CommandLine" every value occurs exactly once, so rare would rank nothing)
index=botsv3 host=$host$ CommandLine="*" | rare limit=20 CommandLine
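The four searches above only become a hunting tool once they share one hostname token. The Simple XML below is an added example of that wiring, not the dashboard exported from the video: the token names (host, tr, selected_cmd), the "All time" default (BOTSv3 data is from 2018), the parentheses around the 4624/4625 OR, and the drill-down from a rare command line into its raw events are all this example's choices. Token values are passed through the |s filter so a hostname or command line containing quotes or backslashes is escaped instead of breaking (or rewriting) the search.

```xml
<form version="1.1">
  <label>Host Threat Hunt (BOTSv3)</label>
  <description>Type a hostname and pivot across DNS, authentication and process telemetry for that host.</description>

  <fieldset submitButton="true" autoRun="false">
    <!-- $host$ feeds every panel below; "*" shows all hosts until a name is entered -->
    <input type="text" token="host">
      <label>Hostname</label>
      <default>*</default>
    </input>
    <!-- Assumption: BOTSv3 events are from August 2018, so default to All time -->
    <input type="time" token="tr">
      <label>Time range</label>
      <default>
        <earliest>0</earliest>
        <latest></latest>
      </default>
    </input>
  </fieldset>

  <row>
    <panel>
      <title>DNS A-record queries from $host$</title>
      <table>
        <search>
          <query>index=botsv3 host=$host|s$ source="stream:dns" protocol_stack="ip:udp:dns"
    "message_type{}"=QUERY "query_type{}"=A
| table _time host hostname{}</query>
          <earliest>$tr.earliest$</earliest>
          <latest>$tr.latest$</latest>
        </search>
        <option name="count">20</option>
      </table>
    </panel>
    <panel>
      <title>Logons on $host$ (4624 success / 4625 failure)</title>
      <table>
        <!-- Parentheses matter: AND binds tighter than OR in SPL -->
        <search>
          <query>index=botsv3 host=$host|s$ (EventCode=4624 OR EventCode=4625)
| dedup Account_Name EventCode
| table TaskCategory Account_Name EventCode</query>
          <earliest>$tr.earliest$</earliest>
          <latest>$tr.latest$</latest>
        </search>
      </table>
    </panel>
  </row>

  <row>
    <panel>
      <title>Top 10 parent (creator) processes on $host$</title>
      <chart>
        <search>
          <query>index=botsv3 host=$host|s$ Creator_Process_Name="*"
| stats count by Creator_Process_Name
| sort 10 -count</query>
          <earliest>$tr.earliest$</earliest>
          <latest>$tr.latest$</latest>
        </search>
        <option name="charting.chart">bar</option>
        <option name="charting.legend.placement">none</option>
      </chart>
    </panel>
    <panel>
      <title>20 rarest command lines on $host$</title>
      <table>
        <!-- rare runs on raw events, not on a stats summary -->
        <search>
          <query>index=botsv3 host=$host|s$ CommandLine="*"
| rare limit=20 CommandLine</query>
          <earliest>$tr.earliest$</earliest>
          <latest>$tr.latest$</latest>
        </search>
        <!-- Clicking a row stores the first column (CommandLine) in $selected_cmd$ -->
        <drilldown>
          <set token="selected_cmd">$click.value$</set>
        </drilldown>
      </table>
    </panel>
  </row>

  <row>
    <!-- Hidden until a command line has been clicked above -->
    <panel depends="$selected_cmd$">
      <title>Raw events for the selected command line on $host$</title>
      <event>
        <search>
          <query>index=botsv3 host=$host|s$ CommandLine=$selected_cmd|s$</query>
          <earliest>$tr.earliest$</earliest>
          <latest>$tr.latest$</latest>
        </search>
        <option name="count">10</option>
      </event>
    </panel>
  </row>
</form>
```

Paste this as the source of a new dashboard (Dashboards > Create New Dashboard > Source). The logon panel deduplicates on both Account_Name and EventCode so an account that both failed and later succeeded keeps one row per outcome, which is the pattern you actually want to see when hunting password spraying or guessing on a single host.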

Music Attribution:
Inpulsemusic - Lofi Chill Background Music
https://pixabay.com/music/beats-lofi-chill-background-music-330144/

🎯 Hashtags:

#ThreatHunting #Splunk #CyberSecurity #BlueTeam #SIEM #SOC #DetectionEngineering #DFIR #SecurityOperations #SplunkDashboard

Video: Threat Hunt Like a Pro in Splunk | Create Dynamic Dashboards to Hunt Host-Based Threats, from the Hoplite Security channel