In today’s blog we’re covering one of the most widely used cybersecurity tools (especially for those working in SOCs as cyber analysts). Splunk is a Security Information and Event Management (SIEM) tool that provides a central location to collect log data from multiple sources within your environment. This data is aggregated and normalized so that it can then be queried by an analyst. Splunk is not just for cyber folks; it’s also used for data analysis, DevOps, etc. In the video below, we talk through the TryHackMe Splunk 101 lab that is part of their Cyber Defense Learning Path. We break down its capabilities, how to ingest/load data (logs), how to query information, the different types of apps, alerting, and more.
Below I’m going to share with you my answers when going through the knowledge checks in the different tasks in the room. Definitely try to work through the problems as much as you can. In this particular room, there are a few tasks that don’t require you to answer any questions, so those tasks are omitted from the screenshots below. Make sure to follow along in the video so you understand what you need to do to get the answers below.
Splunk 101 Task 3 – Splunk Apps
Splunk 101 Task 4 – Adding Data
Splunk 101 Task 5 – Splunk Queries
Splunk 101 Task 6 – Sigma Rules
Splunk 101 Task 7 – Dashboards & Visualizations
Network Knowledge Wrap Up
Keep an eye out as I continue to work through other TryHackMe CompTIA Pentest+ rooms!
Here is the CompTIA Pentest+ training book bundle I’m using. (Affiliate Link)
TryHackMe Splunk 101 Room
Free training from Splunk