In this four-part series of videos, we examine how you can use Splunk and the Lockheed Martin Kill Chain to investigate a data breach.
In Part 1 (this video):
1. We introduce Splunk as a tool.
2. We examine the hack/security incident we are going to investigate with Splunk.
3. We discuss the Lockheed Martin Cyber Kill Chain we will use as an investigative framework.
4. We have a quick look at the data sources we have available in Splunk to help us with our investigation.
Introduction to the Splunk Security Dataset
Splunk Security Datasets on GitHub
Boss of the SOC Team Competition Scoring Application
Splunk Online Live Access to the Splunk Security Project