Event Log Collection
In this lab you will use Splunk Enterprise to ingest logs from a local host for analysis
Introduction: The CYBRScore Event Log Collection lab is a Cybrary premium lab intended for intermediate students. The CYBRScore Event Log Collection lab teaches students how to get local logs into Splunk, which builds toward having skill in using security event correlation tools. This skill is important for the work roles of Cyber Defense Analyst, Cyber Defense Incident Responder, and Security Control Assessor.
Upon successful completion of the CYBRScore Event Log Collection lab, the student will be able to ingest local logs into Splunk and verify that Splunk is receiving the data. The CYBRScore Event Log Collection lab will take most students less than 1-hour to complete.
Skill/Activity Breakdown: In the CYBRScore Event Log Collection lab, students will learn about importing local logs into Splunk. Learning how to import local logs into Splunk is a early skill that works toward the goal of developing skill in using security event correlation tools. Being able to use security event correlation tools is a critical ability for Cyber Defense Analysts, Cyber Defense Incident Responders, and Security Control Assessors. Having skill in using security event correlation tools will also build toward being able to perform event correlation to actively monitor networks and investigate attacks.
Completing the Event Log Collection Lab by importing local logs into Splunk in a virtual environment lays a foundation for the student to perform the same tasks on personal equipment. The student could install the free version of Splunk and repeat the lab tasks locally to set up monitoring of the home environment. For instance, on a Windows machine, the student would be able to track successful and failed logins. The student can use these logs to practice searches using Splunk's Search Processing Language and try different features, like putting the information into tables and performing statistical analysis of the information. One recommended activity is starting with a simple search for Windows Security Logs, then using that initial search to try different commands and visualizations.
Conclusion: The CYBRScore Event Log Collection lab is presented by Cybrary and was created by CYBRScore. This lab provides a great foundation to begin working with security event correlation tools. The CYBRScore Event Log Collection lab is a great addition for students pursuing the Become a Security Operations Center (SOC) career path as well as providing critical training for the Cyber Defense Analyst work role. Completion of the Event Log Collection lab means that the student has learned how to import data from a local machine and begin monitoring events in real-time.
Click on the CYBRScore Event Log Collection lab to learn how to quickly create reports from searches.
When defending networked digital systems, attention must be paid to the logging mechanisms set in ...
In this course we will learn about an approach to collect events from windows devices ...