Skip to content
-
Security You Can Trust, Expertise You Can Rely On. TekGenX Consulting
NetwerkLABS

Powered By TEKGENX CONSULTING

  • Home
  • BLUE TEAM
    • MITRE ATT&CK
    • INFOSEC Governance and Regulation
      • NIST
        • IDENTIFY
        • PROTECT
        • DETECT
        • RESPOND
        • RECOVER
      • Risk Management
    • SOC
      • Threat Detection and Incident Response
        • Threat Detection EngineeringA practical course on Threat Detection Engineering using Elastic SIEM/EDR
        • Threat Hunting
          • Traffic Analysis
        • Splunk
          • Splunk Basics
          • Understanding Log Sources
          • Dashboards and Reports
          • Exploring SPL
          • Incident Handling with Splunk
          • Investigating with Splunk
    • Security+
    • Scripting
      • Bash Scripting
      • Python
      • ZyBER-TOOLS
  • ZyBER-SERIES
    • Wazuh – SIEM and XDRThe Open Source Security Platform that provides Unified XDR and SIEM protection for endpoints and cloud workloads
    • Attack and Defend Active Directory
    • Offensive Testing Enterprise Networks
    • Threat Detection EngineeringA practical course on Threat Detection Engineering using Elastic SIEM/EDR
    • F5 Local Traffic Manager (LTM)F5 Local Traffic Manager (LTM)
    • Incident Response and Forensics
    • Red Team Engagements
  • ZyBER-INTEL
  • ZyBER-NEWS
  • Cookie Policy (EU)
Subscribe

Splunk

  • Home
  • BLUE TEAM
  • Intrusion Detection and Response
  • Splunk
Data Manipulation in Splunk: PART II
Posted inSplunk Splunk Basics

Data Manipulation in Splunk: PART II

Event Boundaries Event breaking in Splunk refers to breaking raw data into individual events based on specified boundaries. Splunk uses event-breaking rules to identify where one event ends, and the next begins. In the…
Read More
Posted by Avatar photo Bharath Narayanasamy
Data Manipulation in Splunk: PART I
Posted inSplunk Splunk Basics

Data Manipulation in Splunk: PART I

Splunk Log Parsing and Transformation Configuration Splunk needs to be properly configured to parse and transform the logs appropriately. Some of the issues being highlighted are: Event Breaking: Ensure Splunk…
Read More
Posted by Avatar photo Bharath Narayanasamy
Regular Expressions
Posted inThreat Hunting SOC Analyst Splunk

Regular Expressions

Regular Expressions: Charsets Searching for Specific Strings Use grep 'string' <file> to search for an exact match. To find patterns rather than exact strings, Regular Expressions (regex) are used. Charsets…
Read More
Posted by Avatar photo Bharath Narayanasamy
Splunk SIEM: Search Processing Language (SPL) Basics
Posted inSplunk Exploring SPL

Splunk SIEM: Search Processing Language (SPL) Basics

Splunk Search Processing Language comprises of multiple functions, operators and commands that are used together to form a simple to complex search and get the desired results from the ingested…
Read More
Posted by Avatar photo Bharath Narayanasamy
 Ship OPNSense Firewall Logs To Splunk SIEM
Posted inSplunk Splunk Basics

 Ship OPNSense Firewall Logs To Splunk SIEM

Shipping OPNsense firewall logs to Splunk centralizes log management, allowing for seamless consolidation with other network and system logs. This integration enhances visibility into network traffic, enabling the identification of…
Read More
Posted by Avatar photo Bharath Narayanasamy
Log Analysis: Basics
Posted inThreat Hunting SOC Analyst Intrusion Detection and Response

Log Analysis: Basics

Understanding Logs in Infrastructure Systems Logs and Their Role Logs are time-sequenced messages recording events within a system, device, or application. Essential for insights into the inner workings of infrastructure…
Read More
Posted by Avatar photo Bharath Narayanasamy
Splunk SIEM: Exploring SPL
Posted inThreat Hunting SOC Analyst Threat Detection and Incident Response

Splunk SIEM: Exploring SPL

Splunk Search & Reporting App Overview The Search & Reporting App is the primary interface on Splunk's Home page used for searching and analyzing data. This app provides several essential…
Read More
Posted by Avatar photo Bharath Narayanasamy
Thraet_Detect_TWO
Posted inDETECT Threat Hunting Threat Detection and Incident Response

Useful Windows Event IDs

Windows System Logs Event ID 1074 (System Shutdown/Restart): This event log indicates when and why the system was shut down or restarted. By monitoring these events, you can determine if there…
Read More
Posted by Avatar photo Bharath Narayanasamy
Posted inSplunk

Splunk SPL 101

Read More
Posted by Avatar photo Bharath Narayanasamy
Splunk: SPL Cheat Sheet for SOC Analysts
Posted inSplunk Splunk Basics Investigating with Splunk

Splunk: SPL Cheat Sheet for SOC Analysts

Splunk Cheat Sheet Query to identify failed login attempts: #Query to identify failed login attempts: sourcetype=auth* "authentication failure" | stats count by user | sort -count Query to identify privilege…
Read More
Posted by Avatar photo Bharath Narayanasamy

Posts pagination

1 2 Next page

Recent Posts

  • The Bait Lab – Phishing Simulations, Practical Campaigns with GoPhish & Evilginx (PART: II)
  • The Bait Lab – Phishing Simulations, Practical Campaigns with GoPhish & Evilginx (PART: I)
  • RED Teaming: Mythic C2 Framework
  • Installing OpenBAS: The OpenSource Breach and Attack Simulation
  • Metasploit Framework (MSFconsole) Cheatsheet

Categories

AD AD attacks brute-force caldera dfir drupal Elastic linux LTM NIST red-team SIEM snort splunk Threat Intel threat_detection Threat_hunting vulnhub wazuh wireshark

Copyright 2025 — NetwerkLABS. Powered by TekGenX Consulting. All rights reserved.
Scroll to Top

Powered by
...
►
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
►
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
►
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
►
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
►
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
None
Powered by