
Investigating a Hack with Splunk and the Cyber Kill Chain Part 1



In this four-part series of videos, we examine how you can use Splunk and the Lockheed Martin Kill Chain to investigate a data breach.

In Part 1 (this video):

1. We introduce Splunk as a tool.
2. We examine the hack/security incident we are going to investigate with Splunk.
3. We discuss the Lockheed Martin Cyber Kill Chain we will use as an investigative framework.
4. We have a quick look at the data sources we have available in Splunk to help us with our investigation.

Links

Introduction to the Splunk Security Dataset
https://www.splunk.com/blog/2018/05/03/introducing-the-security-datasets-project.html#

Splunk Security Datasets on GitHub
https://github.com/splunk/securitydatasets

Boss of the SOC Team Competition Scoring Application
https://www.splunk.com/blog/2018/05/10/boss-of-the-soc-scoring-server-questions-and-answers-and-dataset-open-sourced-and-ready-for-download.html

Splunk Online Live Access to the Splunk Security Project
https://live.splunk.com/splunk-security-dataset-project
