Hello. My name is Isaac. Welcome to lean on security.
Okay. To start this lab, we navigate to this site,
and then the Browse section. We start in Centralized Monitoring and click on it,
which opens this window. Then we launch the lab.
So we launch the item in the window,
and we wait for the lab.
So the virtual environment is getting ready.
So in this Splunk lab, we're going to be uploading logs manually into the Splunk environment and we will also upload
automatically through the network.
So we click Next here and click OK.
All right. So here we are at login. So we use the student login
and type in the password,
and hit Enter here.
Okay, so we get a message to restart the computer
so that we can reset the
Windows 7 virtual machine.
Okay, great. So here we are, back at the login. We select the student login and type in the password again.
All right, so now we're logged into the Windows 7 environment. So the next thing we want to do is to open the Splunk application.
So we go to Start and select the All Programs folder.
Here we can look for the Splunk Enterprise application.
There it is, Splunk Enterprise. Click on it.
All right. So we click on Splunk Enterprise
and it gets opened here.
So we're going to log into the Splunk Enterprise application
and type in the password, changeme.
Okay, I'll just close this over here.
All right, so we can just keep the password changeme.
So now we select the free license
and click Save here.
The change was successful. So we start right now to restart the Splunk environment.
All right. So Splunk will be restarting
in a few minutes, so we just wait.
Okay, so the restart has been successful.
All right, so we can continue in our browser.
So the next thing we're going to do:
from the data sources, we click on Upload here,
and select the lab files,
like the mail secure log.
Right? And that uploads for us, so we click on the Next button.
Next, we'll set the source type, and we can see the source type is the system default. So we accept it and click Next.
The source name here
also should be the same, mail server.
So in the input settings, we also select the host field value and
put in the value mail server as well.
So we review our values,
check everything is correct,
and then we click Submit.
Then we can add more data.
Okay, so now we also move to
Set Source Type by clicking Next,
and so we can see this source type is not a default now.
If we click on it and type in the
name of the source type
and also type in the description
and click Save, we get an error here: job terminated unexpectedly. So to correct this, what we need to do is ensure that the source type is set at the default value,
so we select the system defaults
so we can click Next here.
Type in www1, and
www1 access
for the description.
Okay, that goes through now.
So for the host field, we also
set the host field value.
Back to the data sources now:
go to the third item here and select it.
The source type is the system default, so we click Next
and put the source type name www1,
and the description also, www1 secure.
So in the input settings, we put the host field value again.
Everything's okay, so we submit it.
All right, so we'll be doing this for all the logs that we have there.
So the source type, system defaults.
Then www2 access.
The description, we type in the same thing,
and the host field value, we type in.
So everything is okay. We submit it.
So we still have three more logs to upload.
So source type, system defaults. So we click Next again.
We set the source type name,
www2 secure.
So in the input settings, we find the host value
and put in the values here.
I have two more logs,
so the manual process is
taking us much time here. So you select a source type; we like the system defaults.
And we have a source type
description, www3 access here.
Put in the host field value.
So you're enjoying this process
of adding more data. So we're going to add the last data here.
This is really fun. Select File
and select the last log here.
System defaults, yes.
So we click on Next again
and type in the source name, source type name here,
and the description here also.
All right. So we put in the host field value again,
www3 secure.
Everything's okay, so we submit it.
All right, so now we're done uploading all the logs
we're going to need here.
So the next thing we're going to do is to search,
and we're going to search and report this. So we click Splunk here,
and click on Search and Reporting.
We search for this IP address that we type in here.
We're trying to analyze all the logs that
have this IP address within them,
because this IP address has been identified to be malicious.
So we click Search there,
and so we can see that there are 307 to 6 events with that particular IP address,
and we can see the events
per page here. And we can also see the time for each of these events that have this
particular IP address.
So we've just done a search for the specific hosts.
All right, let's go back to Splunk here.
And this time we're going to do
an automated search. So we click on Monitor here,
and then we're going to click on TCP.
So we come here and we type in 20000 here.
All right, so here at the
input settings we need to select the manual process and the syslog source type,
and also the method, we'll select the IP.
But let's just go back here and
ensure that we actually selected TCP
and not UDP. So we click Back, then Next here.
So for the manual option, we're now going to type the source type, which is syslog,
then we're going to select the method, which is the IP.
All right, so we can
now click on Review
and review all the items before submitting,
so we can submit now,
so that we can send the TCP
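The two things the lab does, searching the uploaded host logs for one malicious IP address and shipping logs to a TCP input with the syslog source type, reproduced offline as an added example. This is not Splunk's code or the lab's files: a throwaway TCP collector on an ephemeral localhost port stands in for the Splunk TCP input (port 20000 in the lab), the log lines and host names are constructed, and the searched address 203.0.113.55 is an assumed documentation-range value, not the one typed in the video.

```python
"""Added example: manual-upload style search and TCP syslog shipping, offline.
Not Splunk's code; all sample events, hosts and the malicious IP are constructed."""
import re
import socket
import threading
from collections import Counter

# Constructed sample events, one (host, line) pair each, mimicking the
# mailserver/www1/www2/www3 access and secure logs uploaded in the lab.
SAMPLE_EVENTS = [
    ("mailserver", "Sep 10 09:12:01 mailserver sshd[2201]: Failed password for root from 203.0.113.55 port 51022 ssh2"),
    ("www1", '203.0.113.55 - - [10/Sep/2023:09:12:05 +0000] "GET /wp-login.php HTTP/1.1" 404 512'),
    ("www1", '198.51.100.7 - - [10/Sep/2023:09:12:06 +0000] "GET /index.html HTTP/1.1" 200 1043'),
    ("www2", "Sep 10 09:12:09 www2 sshd[887]: Invalid user admin from 203.0.113.55 port 51030"),
    ("www3", '203.0.113.55 - - [10/Sep/2023:09:12:11 +0000] "POST /xmlrpc.php HTTP/1.1" 403 210'),
]
MALICIOUS_IP = "203.0.113.55"  # assumed value; the video uses the lab's own address


def count_events_for_ip(events, ip):
    """Equivalent of typing the bare IP into Splunk search: count matching
    events per host.  The guards stop 203.0.113.5 matching 203.0.113.55."""
    pattern = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])")
    counts = Counter()
    for host, line in events:
        if pattern.search(line):
            counts[host] += 1
    return dict(counts)


def syslog_line(host, app, message, pri=13):
    """Build an RFC 3164 style line (PRI, timestamp, hostname, tag) like the
    syslog source type expects.  Fixed timestamp keeps the example deterministic."""
    return f"<{pri}>Sep 10 09:12:01 {host} {app}: {message}"


def start_collector():
    """Stand-in for the Splunk TCP input: accept one connection on an ephemeral
    localhost port, read until the sender closes, and collect the lines."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    received = []

    def run():
        conn, _ = srv.accept()
        with conn:
            buf = b""
            while chunk := conn.recv(4096):
                buf += chunk
        received.extend(buf.decode().splitlines())
        srv.close()

    worker = threading.Thread(target=run, daemon=True)
    worker.start()
    return port, received, worker


def send_over_tcp(port, lines):
    """Ship newline-delimited lines to the collector, as a syslog forwarder would."""
    with socket.create_connection(("127.0.0.1", port)) as sock:
        sock.sendall(("\n".join(lines) + "\n").encode())


def ship_and_search(events, ip):
    """Send the events as syslog over TCP, then run the same IP search over what
    the collector received, taking the host from the syslog hostname field."""
    port, received, worker = start_collector()
    send_over_tcp(port, [syslog_line(host, "lab", line) for host, line in events])
    worker.join(timeout=5)
    parsed = []
    for raw in received:
        match = re.match(r"<\d+>\w{3} +\d+ \d\d:\d\d:\d\d (\S+) (.*)", raw)
        if match:
            parsed.append((match.group(1), match.group(2)))
    return count_events_for_ip(parsed, ip)


if __name__ == "__main__":
    print("manual upload search:", count_events_for_ip(SAMPLE_EVENTS, MALICIOUS_IP))
    print("tcp syslog search:   ", ship_and_search(SAMPLE_EVENTS, MALICIOUS_IP))
```

The per-host counts from the two paths agree because the syslog hostname field carries the same host that the manual upload set explicitly in the host field value; when the TCP input's method is set to IP instead, the host becomes the sender's address, so a search grouped by host would show one forwarder rather than the four origin systems.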