Overview
As part of the defense in depth model it is vitally important to keep tabs on the events occurring on individual devices/systems. In this lab, students will use nmap to conduct a manual service scan to discover any networked devices as well as the services those devices are running. Next, they will log into a Windows workstation to set up auditing for system services, and then enable the auditing of attempts (successes/failures) to use a specific program (Splunk). Finally, the students will validate that the new audit objects are successfully working by reviewing the Event Log for the Windows workstation host.
Learning Partner
CYBRScore
Cybersecurity Technical Hands-on Labs