Security Monitoring
-
Benign: WALKTHROUGH
We will investigate host-centric logs in this challenge room to find suspicious process execution. To learn more about Splunk and how to…
-
Investigating With Splunk: WALKTHROUGH
SOC Analyst Johny has observed some anomalous behaviours in the logs of a few windows machines. It looks like the adversary has access to some…
-
Splunk Incident Handling: WALKTHROUGH
This room covers an incident Handling scenario using Splunk. An incident from a security perspective is “Any event or action, that has…
-
ELK 101: WALKTHROUGH
In this room, we will learn how to utilize the Kibana interface to search, filter, and create visualizations and dashboards, while investigating VPN logs…
-
SIEM: NOTES
What is SIEM SIEM stands for Security Information and Event Management system. It is a tool that collects data from various endpoints/network devices across the…
-
Wazuh: WALKTHROUGH
[INCOMPLETE] Created in 2015, Wazuh is an open-source, freely available and extensive EDR solution. It can be used in all scales of environments. Wazuh…