Advanced Threat Hunting With Splunk


When it comes to log analysis, Splunk is one of the most popular enterprise-grade solutions in the field today. It can pull logs from nearly any device in the network, and it integrates with most of the popular security products on the market. In the InfoSec field today, Splunk is a common tool for what is called Cyber Threat Hunting, Hunt Teaming, Malware Hunting, Defensive Cyber Operations (DCO), Cyber Threat Analysis, and many other names.

As popular as Splunk is, surprisingly few people are comfortable performing security event analysis with it. We decided to develop a hands-on Splunk course designed specifically for InfoSec professionals who want to do HANDS-ON DEEP TECHNICAL SECURITY ANALYSIS with Splunk.

Deploying Splunk, configuring logging and forwarding

    • Installing Splunk
    • Configuring logging in Windows and Linux
    • Setting up log forwarding
    • Understanding how Windows Event logging works


Attacking Servers and Workstations

    • Learning attacker tools/tactics/procedures (TTPs)
    • Generating real world security events to analyze
    • Attacking Workstations
    • Attacking Application Servers
    • Learning what types of security events generate log events
    • Writing basic queries for common attacks
    • Analyzing PCAP files with Splunk


Hunting with Splunk

    • Data-Centric vs End-Point Hunting
    • Understanding IOCs/IOAs
    • Indicators of Compromise (IOCs)
    • Indicators of Attack (IOAs)
    • Integrating data from popular security products
    • Writing complex queries
    • Detecting Zero-Day attacks


Who is this class for?

IT System Administrators, IT Security Professionals, SOC Analysts, First Responders, Incident Handlers, Intrusion Analysts, Malware Analysts


Class pre-requisites

Students should be familiar with using Windows and Linux operating environments and be able to troubleshoot general connectivity and setup issues.

Students should be familiar with VMware Workstation and be able to create and configure virtual machines.

Students are recommended to have a high-level understanding of key programming concepts, such as variables, loops and functions; however, no programming experience is necessary.

Students will be provided with detailed courseware, detailed lab manuals, and copy/paste notes so that even if a student is not very strong technically they will be able to complete the lab exercises and take notes effectively.


Class Schedule & Delivery Method

This class is a hybrid of self-paced and live-online training. By purchasing this course you’ll immediately be given access to the self-paced portion of the training, which includes content, lab exercises, videos, and quizzes. The live portion of the training will begin on Tuesday the 6th of November. You can access the course by clicking on the “My Courses” link in the top right corner of https://infosecaddicts.com

Live classes will run on Tuesdays and Thursdays from 6pm EST to 10pm EST.

  • Tuesday November 6th
    • 6pm EST to 10pm EST
  • Thursday November 7th
    • 6pm EST to 10pm EST
  • Tuesday November 6th
    • 6pm EST to 10pm EST
  • Thursday November 14th
    • 6pm EST to 10pm EST
  • Saturday November 24th (threat hunting challenge day)
    • 10am EST to 2pm EST


Videos:
Each live class will be recorded and made available to students as additional content in the courses section of the website, so you can keep up with the class even if you have to miss part of a session or a whole day.


Support
Students can request help via the support chat system on the site or via the email-based trouble ticketing system (allow 24 hours for a response). Send all questions/concerns to [email protected]

Course By

Marcus Smith

Lessons

Lesson 1: Live Classes and Getting started with Course content

Author: Marcus Smith

Introduction: In this lesson we will get to know the virtual machines we will work with; you can also create your own machines and tools and then modify them depending on the test you are doing. Learning Objectives: 1) Know the tools we will work with. 2) Install the virtual machines we will use. [...]

Lesson 6: Exporting Splunk logs/events

Author: Marcus Smith

Introduction: After obtaining the information for the event we are monitoring, we can export it in several formats in a straightforward way through the Splunk web interface. Learning Objectives…

Lesson 7: Remove Splunk

Author: Marcus Smith

Introduction: In this lesson we will learn how to remove Splunk from our machine. It is recommended not to do this lesson yet, as it takes more than half of the…

Lesson 9: Using Splunk Stream

Author: Marcus Smith

Introduction: Splunk Stream is a free app that extends Splunk Enterprise; it collects network data and breaks it down by the protocols in use.…

Lesson 10: Workflow Actions

Author: Marcus Smith

Introduction: Workflow actions are a Splunk feature that allows faster and more effective analysis. Research tasks on domains, IP addresses, host names, routes, and other fields can be done in a…

Lesson 11: Using Metadata and tstats

Author: Marcus Smith

Introduction: Gathering information is an essential task for understanding what happens in our network. Splunk's metadata and statistics commands facilitate this task and thus help us hunt for possible threats. Learning…