In this video walkthrough, we covered how to hunt and identify advanced persistent threat with Splunk by correlating constructing the events to learn how the incident happened.
Part of the Blue Primer series, learn how to use Splunk to search through massive amounts of information.
The first section of this room consists of a quiz over Splunk. I recommend attempting the quiz while the machine loads as it can take some time. If the VM fails to load, a direct link to the OVA file (Splunk) can be found here. You can also build this manually using the data and instructions found at this link.