Splunk

Splunk: Search Processing Language (SPL) Basics

by
This entry is part 10 of 17 in the series Threat Detection Engineering

Views: 63Splunk Search Processing Language comprises of multiple functions, operators and commands that are used together to form a simple to complex search and get the desired results from the ingested logs. Main components of SPL Search Field Operators Comparison Operators These operators are used to compare the values against the fields. Field Name Operator … Read more

Splunk: SPL Cheat Sheet for SOC Analysts

by

Views: 26Splunk Cheat Sheet Query to identify failed login attempts: Query to identify privilege escalation attempts: Query to identify failed SSH attempts: Query to identify successful SSH attempts: Query to identify unusual network traffic: Query to identify suspicious processes: Query to identify brute force attacks: Query to identify privilege escalation attempts on Windows systems: Query … Read more

Splunk Fundamentals

by
This entry is part 6 of 13 in the series Incident Response and Forensics

Views: 14Splunk Components Splunk Forwarder Splunk Forwarder is a lightweight agent installed on the endpoint intended to be monitored, and its main task is to collect the data and send it to the Splunk instance. Splunk Indexer Splunk Indexer plays the main role in processing the data it receives from forwarders. It takes the data, normalizes … Read more