Advanced Threat Hunting With Splunk


When it comes to log analysis, Splunk is one of the most popular enterprise-grade solutions in the field today. It can pull logs from nearly any device in the network, and it can integrate with most of the popular security products on the market. In the InfoSec field today Splunk is a common tool for what is called Cyber Threat Hunting/Hunt Teaming/Malware Hunting/Defensive Cyber Operations (DCO)/Cyber Threat Analysis and many other names.

As popular as Splunk is, surprisingly few people are comfortable performing security event analysis with it. We decided to develop a hands-on Splunk course designed specifically for InfoSec professionals who want to do HANDS-ON DEEP TECHNICAL SECURITY ANALYSIS with Splunk.

Deploying Splunk, configuring logging and forwarding

    • Installing Splunk
    • Configuring logging in Windows and Linux
    • Setting up log forwarding
    • Understanding how Windows Event logging works

Attacking Servers and Workstations

    • Learning attacker tools/tactics/procedures (TTPs)
    • Generating real world security events to analyze
    • Attacking Workstations
    • Attacking Application Servers
    • Learning what types of security events generate log events
    • Writing basic queries for common attacks
    • Analyzing PCAP files with Splunk


Hunting with Splunk

    • Data-Centric vs End-Point Hunting
    • Understanding IOCs/IOAs
    • Indicators of Compromise (IOCs)
    • Indicators of Attack (IOAs)
    • Integrating data from popular security products
    • Writing complex queries
    • Detecting Zero-Day attacks


Who is this class for?

IT System Administrators, IT Security Professionals, SOC Analysts, First Responders, Incident Handlers, Intrusion Analysts, Malware Analysts


Class pre-requisites

Students should be familiar with using Windows and Linux operating environments and be able to troubleshoot general connectivity and setup issues.

Students should be familiar with VMware Workstation and be able to create and configure virtual machines.

Students are recommended to have a high-level understanding of key programming concepts, such as variables, loops and functions; however, no programming experience is necessary.

Students will be provided with detailed courseware, detailed lab manuals, and copy/paste notes so that even a student who is not very strong technically will be able to complete the lab exercises and take notes effectively.

Class Schedule & Delivery Method

This class is a hybrid of self-paced and live-online training. By purchasing this course you'll immediately be given access to the self-paced portion of this training. The self-paced training includes content, lab exercises, videos, and quizzes. The live portion of the training will begin on Tuesday the 6th of November. You can access the course by clicking on the "My Courses" link in the top right corner of https://infosecaddicts.com

Live classes will run on Tuesdays and Thursdays from 6pm EST to 10pm EST.

  • Tuesday November 6th
    • 6pm EST to 10pm EST
  • Thursday November 7th
    • 6pm EST to 10pm EST
  • Tuesday November 6th
    • 6pm EST to 10pm EST
  • Thursday November 14th
    • 6pm EST to 10pm EST
  • Saturday November 24th (threat hunting challenge day)
    • 10am EST to 2pm EST

Videos:
Each live class will be recorded and made available to the students as additional content in the courses section of the website, so you can keep up with the class even if you have to miss some time or even a whole day.

Support
Students can request help via the support chat system on the site or via the email-based trouble ticketing system (allow 24 hours for a response). Send all questions/concerns to [email protected]

Course By

Marcus Smith