In this video walkthrough, we covered how to hunt for and identify an advanced persistent threat with Splunk by correlating events and reconstructing the timeline to learn how the incident happened.





Challenge Introduction

Part of the Blue Primer series, learn how to use Splunk to search through massive amounts of information.

The first section of this room consists of a quiz on Splunk. I recommend attempting the quiz while the machine loads, as it can take some time. If the VM fails to load, a direct link to the OVA file (Splunk) can be found here. You can also build this manually using the data and instructions found at this link.




About the Author

Cybersecurity trainer with an MS in Cybersecurity. Expertise in the healthcare and finance industries. Penetration tester and compliance auditor.
