Premise

In this video walkthrough, we covered how to hunt for and identify an advanced persistent threat (APT) with Splunk by correlating events and reconstructing the sequence in which they occurred, so as to learn how the incident happened.

Challenge Introduction

This room is part of the Blue Primer series. It teaches how to use Splunk to search through massive amounts of data.

The first section of this room consists of a quiz on Splunk. I recommend attempting the quiz while the machine loads, as it can take some time. If the VM fails to load, a direct link to the OVA file (Splunk) can be found here. You can also build this manually using the data and instructions found at this link.

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.