SOC Cybersecurity Threat Hunting with Splunk

سرفصل های دوره

Threat Hunting with Splunk SIEM for Cybersecurity Analysis and SOC Analysts

1. Introduction - Welcome

1. Introduction - Welcome

2. Threat Hunting Lab Setup with Splunk

1.1 01- Splunk Installation.txt

1. Splunk installation from scratch

2.1 Apps and Addons.rar

2. Splunk bulk Apps and Addons Installation

3.1 botsv1-attack-only.zip

3.2 botsv2 data set attack only.7z.zip

3.3 botsv2 data set attack only.7z.zip

3.4 botsv2 data set attack only.7z.zip

3.5 botsv2 data set attack only.7z.zip

3.6 botsv3 data set.zip

3. Splunk Boss of The SOC (BOTS) Installation

4.1 Commands and Subtitles.7z

4.2 Logs.rar

4. Import Lab Attacks Data to Splunk

3. Base Knowledge for Splunk and Threat Hunting

1. What is Splunk

2. What is Indicator of Compromise (IoC)

3. Cyber Kill Chain and MITRE ATT&CK

4. Basic Attacks Hunting with Splunk

1.1 01- Large Web Upload Hunting.txt

1. Large Web Upload Hunting

2.1 02- Hunting with Top and Rare Commands.txt

2. Hunting with Top and Rare Commands

3.1 03- Network Connection Hunting.txt

3. Network Connections Hunting with Splunk

4.1 04- Basic Scanning Detection.txt

4. Basic Scanning Detection with Splunk

5.1 05- Brute Force Attack Detection.txt

5. Brute Force Attack Detection with Splunk

5. Windows Attacks Detection with Splunk

1. Windows Process Analysis

2.1 02- Basic Malicious Process Hunting with Splunk.txt

2. Basic Malicious Process Hunting with Splunk

3.1 03- Parent and Child Process Tree.txt

3. Parent and Child Process Tree analysis with Splunk

4.1 04- Hunting Malicious Windows Process CommandLine.txt

4. Hunting Malicious Windows Process CommandLine

5.1 05- Fake Windows Processes Hunting.txt

5. Fake Windows Processes Hunting

6.1 06- Process Injection Hunting.txt

6. Process Injection Hunting

7. What is LSASS Process

8.1 08- Create Remote Thread Into LSASS.txt

8. Create Remote Thread Into LSASS

9.1 09- Access LSASS Memory for Dump Creation.txt

9. Access LSASS Memory for Dump Creation

10.1 10- Credential Dumping through LSASS Access.txt

10. Credential Dumping through LSASS Access

11. What is Mimikatz

12.1 12- Hunting Mimikatz Using Sysmon and Splunk.txt

12. Hunting Mimikatz Using Sysmon and Splunk

13.1 13- Windows Mimikatz Binary Execution.txt

13. Windows Mimikatz Binary Execution Hunting with Splunk

14.1 14- Hunting Mimikatz with Powershell and Splunk.txt

14. Hunting Mimikatz with Powershell and Splunk

6. Active Directory Domain Controller Attack Detection with Splunk

1. What is Kerberos Protocol

2. Kerberoasting Attack Hunting - Part 01

3.1 03- Kerberoasting Attack Hunting (Part 02).txt

3. Kerberoasting Attack Hunting - Part 02

4.1 04- DCSync Attack Detection.txt

4. DCSync Attack Detection

5.1 05- Overpass-the-Hash Attack Detection.txt

5. Overpass-the-Hash Attack Detection

6.1 06- Pass-the-Ticket Attack Detection.txt

6. Pass-the-Ticket Attack Detection

7. What is NTLM Protocol

8.1 08- Pass-the-Hash Attack Detection.txt

8. Pass-the-Hash Attack Detection

7. Anomaly Activity Hunting with Data Science and Splunk

1. Data Science and Splunk

2. Standard Deviation

3. Normal Distribution or Gaussian Distribution

4. Empirical or 689599.7 rule

5.1 05- ICMP Tunnel Outlier Detection.txt

5. ICMP Tunnel Outlier Detection

6.1 06- Windows Process CommandLine outlier Detection.txt

6. Windows Process CommandLine outlier Detection

7.1 07- SMB Traffic Anomaly Detection.txt

7. SMB Traffic Anomaly Detection

8. What is Splunk Machine Learning Toolkit

9. DNS Outlier Detection with Splunk MLTK

8. Splunk Integration for Cyber Threat Intelligence

1.1 01- Malware Detection with Cyber Threat Intelligence.txt

1.2 Malicious-Domain.rar

1. Malware Detection with Cyber Threat Intelligence

2.1 02- Malware Info Enrichment.txt

2. Malware Info Enrichment

3.1 03- MISP integration with Splunk - Part 01.txt

3. MISP integration with Splunk - Part 01

4.1 04- MISP integration with Splunk - Part 02.txt

4. MISP integration with Splunk - Part 02

5.1 05- AlienVault OTX Integration with Splunk.txt

5. AlienVault OTX Integration with Splunk

6.1 06- VirusTotal Integration with Splunk.txt

6. VirusTotal Integration with Splunk

9. Threat Hunting with ChatGPT and Splunk

1. What is ChatGPT

2. ChatGPT Integration with Splunk

3.1 03- Threat Hunting with ChatGPT and Splunk.txt

3. Threat Hunting with ChatGPT and Splunk

10. Malicious Activity Hunting with Splunk and RITA

1. What is Real Intelligence Threat Analytics (RITA)

2.1 02- RITA Installation and Configuration.txt

2. RITA Installation and Configuration

3.1 03- Splunk Integration with RITA.txt

3. Splunk Integration with RITA

4.1 04- Beaconing Detection with RITA and Splunk.txt

4. Beaconing Detection with RITA and Splunk

5. DNS Tunneling Detection with RITA and Splunk

11. Lateral Movement Detection with Splunk

1.1 01- PsExec Attack Detection.txt

1. PsExec Attack Detection with Splunk

2.1 02- PowerShell spawned Process Lateral movement Detection.txt

2. PowerShell spawned Process Lateral movement Detection with Splunk

3.1 03- WMI Lateral Movement Detection.txt

3. WMI Lateral Movement Detection with Splunk

4.1 04- WinRM-WinRS Attack Detection.txt

4. WinRM-WinRS Attack Detection with Splunk

5.1 05- Svchost Lolbas Execution Process Spawn.txt

5. Svchost Lolbas Execution Process Spawn with Splunk

12. Persistence Hunting with Splunk

1.1 01- Image File Execution Options Injection.txt

1. Image File Execution Options Injection with Splunk

2.1 02- Schedule Task with Rundll32 Command Trigger.txt

2. Schedule Task with Rundll32 Command Trigger Hunting with Splunk

3.1 03- Sc Exe Manipulating Windows Services.txt

3. Sc Exe Manipulating Windows Services Hunting with Splunk

4.1 04- Time Provider Persistence Registry.txt

4. Time Provider Persistence Registry Hunting with Splunk

5.1 05- ETW Registry Disabled Hunting.txt

5. ETW Registry Disabled Hunting with Splunk

139,000 تومان

خرید اشتراک افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: Udemy