The Centralized Monitoring Lab from CybrScore introduces the student to centralized monitoring using Splunk. The lab covers importing existing data and running a basic search; you will also set up a TCP/UDP input.
This lab is appropriate for intermediate students who have some familiarity with the concept of centralized monitoring. Beginning students should also be able to complete the lab successfully, but it may require a bit more time. Once completed, the student will be able to perform initial setup of Splunk, import saved data, and set up a TCP/UDP input. The lab has a 1-hour limit, which will likely be enough for beginning students and should be more than enough for intermediate students.

This lab helps develop knowledge of security event correlation tools, which is important for the Law Enforcement/Counterintelligence Forensics Analyst and Cyber Defense Forensics Analyst work roles, and skill in the use of such tools, which is part of the Cyber Defense Incident Responder and Security Control Assessor work roles. It also helps develop the ability to monitor system operations and react to events in response to triggers, observations, trends, or unusual activity, which is important for Cyber Operators. This lab is part of the SOC Analyst - Level 2 and Cyber Security Engineer career paths.
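As an added example (not part of the CybrScore lab materials), the shell script below shows what the three lab tasks look like on a Linux Splunk host: an inputs.conf stanza for a TCP and a UDP input, a one-shot import of a saved log file, a constructed test event pushed to each port with nc, and a search that finds it. Everything specific in it is an assumption rather than something taken from the lab: SPLUNK_HOME under /opt/splunk, ports 5140 and 5514, the index main, the 10.0.0.0/8 sender ACL, the sample file /var/log/auth.log, the sample syslog line, and admin credentials supplied through SPLUNK_PASSWORD.

```shell
#!/bin/sh
# Added example, not part of the CybrScore lab: set up Splunk TCP/UDP inputs,
# import a saved file, send test events, and search for them.
# Assumptions (not from the lab): SPLUNK_HOME, ports 5140/5514, index "main",
# the sender ACL, the sample file, the sample event, and SPLUNK_PASSWORD.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"

# Emit one inputs.conf stanza for a network input.
#   $1 protocol (tcp|udp)  $2 port  $3 sourcetype  $4 index  $5 acceptFrom ACL
input_stanza() {
    proto="$1"; port="$2"; st="$3"; idx="$4"; acl="$5"
    case "$proto" in
        tcp|udp) ;;
        *) echo "input_stanza: unsupported protocol '$proto'" >&2; return 1 ;;
    esac
    printf '[%s://%s]\n' "$proto" "$port"
    printf 'sourcetype = %s\n' "$st"
    printf 'index = %s\n' "$idx"
    # Set the host field from the sender's IP rather than trusting a name in the payload.
    printf 'connection_host = ip\n'
    # Only accept events from these networks; UDP has no handshake, so anything
    # that can reach the port could otherwise inject forged events.
    printf 'acceptFrom = %s\n' "$acl"
    printf '\n'
}

# Write a TCP and a UDP syslog input to $1 and print the number of stanzas written.
write_inputs_conf() {
    dest="$1"
    mkdir -p "$(dirname "$dest")"
    {
        input_stanza tcp 5140 syslog main "10.0.0.0/8,127.0.0.1"
        input_stanza udp 5514 syslog main "10.0.0.0/8,127.0.0.1"
    } > "$dest"
    grep -c '^\[' "$dest"
}

# The steps below need a running Splunk instance, so they only run when one is present.
if [ -x "$SPLUNK_HOME/bin/splunk" ]; then
    splunk="$SPLUNK_HOME/bin/splunk"
    auth="admin:${SPLUNK_PASSWORD:?set SPLUNK_PASSWORD}"

    # 1. Network inputs: write the stanzas and restart so inputs.conf is re-read.
    write_inputs_conf "$SPLUNK_HOME/etc/system/local/inputs.conf" >/dev/null
    "$splunk" restart

    # 2. Import existing data: index a saved log file once (sample path assumed).
    "$splunk" add oneshot /var/log/auth.log -sourcetype linux_secure -index main -auth "$auth"

    # 3. Send one constructed syslog line to each input.
    event="<13>$(date '+%b %d %H:%M:%S') host1 sshd[4242]: Failed password for root from 10.0.0.5 port 51234 ssh2"
    printf '%s\n' "$event" | nc -w 1 127.0.0.1 5140
    printf '%s\n' "$event" | nc -u -w 1 127.0.0.1 5514

    # 4. Basic search: find the test event in the last five minutes.
    sleep 5
    "$splunk" search 'index=main sourcetype=syslog earliest=-5m "Failed password"' -auth "$auth"
fi
```

Two points in the stanza matter beyond getting data to flow. `connection_host = ip` makes the host field come from the sending address instead of whatever name the sender put in the message, and `acceptFrom` limits who may send at all; a UDP listener with neither setting lets any host that can reach the port plant events under any host name it likes. Using ports above 1024 also avoids running Splunk as root just to bind the traditional syslog port 514.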
- Skills: Deploy a basic centralized monitoring solution using Splunk
- Time limit: 1 hour
- Skill level: Intermediate
- Work Roles: Cyber Defense Forensics Analyst, Cyber Defense Incident Responder, Cyber Operator, Law Enforcement/Counterintelligence Forensics Analyst, Security Control Assessor