- Incident Handling Life Cycle
- Volatility: Perform Memory Forensics with Volatility (Part 01)
- Introduction to Network Forensics
- Netminer
- Splunk SPL 101
- Splunk Fundamentals
- Wireshark 101 | Packet Operations
- Wireshark 101 | Traffic Analysis
- Analysis with Wireshark
- Windows Event Logs
- Incident Report Template
- Code Obfuscation and Deobfuscation
Views: 14
Splunk Components
Splunk Forwarder
Splunk Forwarder is a lightweight agent installed on the endpoint intended to be monitored, and its main task is to collect the data and send it to the Splunk instance.
Splunk Indexer
Splunk Indexer plays the main role in processing the data it receives from forwarders. It takes the data, normalizes it into field-value pairs, determines the datatype of the data, and stores them as events. Processed data is easy to search and analyze.
Splunk Head
Splunk Search Head is the place within the Search & Reporting App where users can search the indexed logs as shown below. When the user searches for a term or uses a Search language known as Splunk Search Processing Language, the request is sent to the indexer and the relevant events are returned in the form of field-value pairs.
Data Source Categories
Data sources are grouped into categories.
