Time
1 hour 37 minutes
Difficulty
Intermediate
CEU/CPE
2

Video Transcription

00:00
Hello. My name is Isaac. Welcome to lean on security.
00:04
Okay. To start this lab here, we navigate to the site,
00:09
and then we
00:11
and then the Browse section. We start in Centralized Monitoring and click on it,
00:17
then it opens this window. Then we launch the lab.
00:21
So we launch the item in the window,
00:26
and we wait for the lab
00:28
launch.
00:34
So the virtual environment is getting ready
00:38
for the Splunk lab.
00:44
So in this Splunk lab, we're going to be uploading logs manually into the Splunk environment, and we will also upload
00:54
logs
00:56
automatically through the network.
01:04
So we click Next here and click OK.
01:11
All right. So here we are at the login. So we use the student login
01:15
and type in the password,
01:19
and hit Enter here.
01:23
Okay, so we get a message to restart the computer
01:27
so that we can reset the
01:32
Windows 7 virtual
01:34
equipment here.
01:40
Okay, great. So here we are, back at the login here. We select the student login and type in the password again.
01:46
Hit Enter here.
01:49
All right, so now we're logged into the Windows 7 environment. So the next thing we want to do is to open the Splunk application.
01:57
So we go to Start, select the All Programs folder
02:05
here. We can look for the Splunk Enterprise application.
02:10
There it is, Splunk Enterprise. Click on it.
02:15
All right. So click on Splunk Enterprise
02:20
and the web page
02:22
opens here.
02:25
So we're going to log into the Splunk Enterprise application,
02:31
type in the password, changeme,
02:38
then sign in.
02:43
Okay, I'll just close this over here.
02:46
Close this message.
02:47
All right, so we can just skip the password change
02:53
and go straight
02:55
into the
02:57
Splunk platform.
02:59
So now we select the free license
03:01
and click Save here.
03:07
The change was successful. So we're restarting right now to reset the Splunk environment.
03:15
All right. So Splunk will be restarting
03:17
in a few minutes, so just
03:22
hang in there.
03:24
Okay. So the restart has been successful.
03:31
All right, so we can continue in our browser.
03:36
So the next thing we're going to do is
03:38
add data
03:42
from the data sources. We click on Upload here,
03:46
Select File.
03:49
So we go to the
03:52
C drive
03:54
and
03:55
select the lab files,
03:59
log files.
04:00
We select the mail secure log.
04:02
Right. And the upload is done, so we click on the Next button.
04:09
Next, we'll set the source type, and we can see the source type is at the system default. So we accept it and click Next.
04:17
So we can put in
04:18
the source type name here,
04:20
mail server,
04:24
and the description
04:25
also should be the same, mail server.
04:30
Save.
04:32
So in the input settings, we also select the host field value and
04:38
put in the value mail server as well.
04:43
So we review our values
04:46
here,
04:47
check everything is correct,
04:49
and then we click Submit.
04:54
Then we can add more data.
04:58
Upload.
05:00
Select File.
05:09
Okay, so now we also move to
05:12
Set Source Type by clicking Next,
05:17
and so we can see this source type is not at the default now.
05:21
So
05:23
if we click on it and type in the
05:29
name of the source type
05:34
and also type in the description
05:39
here,
05:41
click Save, we get an error here: job terminated unexpectedly. So to correct this, what we need to do is ensure that the source type is set at the default value,
05:55
so we select the system defaults,
05:59
System Defaults.
06:01
All right,
06:02
so we can click Next here.
06:09
Source type:
06:11
type in www
06:14
1
06:15
access,
06:18
www1 access
06:21
for the description.
06:24
Click Save.
06:26
Okay, that goes through now.
06:28
So the host field, we also
06:30
type in
06:32
the host field value.
06:36
Click Review.
06:39
All right, we
06:41
review and submit.
06:45
So we add more data,
06:48
uploading data sources now.
06:54
Go to the third item here. Select.
07:00
Next.
07:03
So the source type is at the system default. So we click Next
07:09
and put the source type name www1
07:13
secure.
07:15
Description: also www1 secure,
07:20
click Save.
07:25
So in the input settings, we put the host field value again.
07:33
Review.
07:35
Everything's okay. So we submit it,
07:42
add more data.
07:51
All right, so we'll be doing this for all the logs that we have there.
07:58
So the source type: system defaults,
08:01
go to Next,
08:05
and name it www2 access.
08:11
The description, we type in the same thing.
08:16
Save,
08:20
and host field value, we type in
08:24
www2 access
08:28
and click Review.
08:31
So everything is okay. We submit it.
08:37
So we still have three more logs to upload.
08:43
Add more data here,
08:45
Upload.
08:46
Select the file
08:48
and
08:50
select this log.
08:54
So click on Next,
09:01
source type: system defaults. So we click Next again.
09:05
And
09:05
we set the source type name
09:09
www
09:11
2
09:13
secure,
09:16
description also
09:18
www2 secure.
09:20
We click Save.
09:24
So in the input settings, we find the host value,
09:30
put in the values here.
09:33
Click Review
09:35
and submit.
09:41
We add more data.
09:43
I have two more logs,
09:45
so upload here.
09:50
So the manual process
09:54
is
09:56
taking us much time here. So we select a source type. We like the system defaults.
10:03
Save,
10:05
click Next,
10:07
and we have a source type
10:09
name here,
10:11
www3 access.
10:16
Description: www3 access here.
10:22
We click Save.
10:26
Put in the host field value,
10:35
review
10:37
and submit.
10:39
So we're enjoying this process
10:41
of adding more data. So we're going to add the last data here.
10:48
Upload.
10:52
This is really fun. Select File
10:56
and select the last log here.
11:00
And
11:01
Next.
11:05
System defaults. Yes.
11:07
So we click on Next again
11:13
and type in this source name, source type name here,
11:18
www3
11:22
secure.
11:30
And the description here also
11:33
www3 secure.
11:39
Now click on Save.
11:45
All right. So we put in the host field value again,
11:48
www3 secure,
11:54
Review.
11:56
Everything's okay, so we submit it.
12:00
All right, so now we're done uploading all the
12:03
logs
12:05
we're going to need for
12:07
this lab.
12:18
All right, so next
12:20
what we need to do is to
12:24
review the entries.
12:31
So the next thing we're going to do is to search, and
12:35
we're going to use Search and Reporting. So we click Splunk here,
12:43
click on Search and Reporting.
12:46
So
12:48
for this IP address that we type in here,
12:56
we're trying to analyze all the logs that
13:01
have this IP address within them,
13:05
because this IP address has been identified to be malicious.
13:09
So we click Search there,
13:11
and so we can see that there are 307 to 6 events with that particular
13:18
IP address,
13:20
and we can see the events
13:22
per page here. And we can also see the time for each of these events that have this
13:30
particular IP address.
13:31
So we've just done a search for the specific hosts.
13:39
All right, let's go back to Splunk here.
13:41
And this time we're going to do
13:45
an automated search. So we click on the Monitor here,
13:48
and then we're going to click on TCP.
13:54
So we come here and we type in 20,000 here
14:07
and click Next.
14:15
All right, so here at the
14:18
we need to select the manual process in the Select Source Type,
14:22
and also for the method we'll select the IP.
14:30
But let's just go back here
14:33
and ensure that we actually selected TCP
14:39
and not UDP. So we click back and Next here.
14:46
All right,
14:48
So for the manual, we're now going to type the source type, which is syslog
14:58
secure,
15:01
then we're going to select the method, which is the IP.
15:16
All right, so we can
15:18
now click on Review,
15:22
review all the items before submitting,
15:28
so we can submit now.
15:31
And
15:35
now let's go to the
15:37
Kali Linux
15:37
virtual environment
15:41
so that we can send the TCP
15:43
logs
15:45
to our Splunk


Instructed By

Isaac Bewarang
System Administrator at Plateau State University
Instructor