Log analysis - Day 17 of TryHackMe Advent of Cyber 2024

  • Published: 7 Feb 2025
  • Advent of Cyber 2024: tryhackme.com/...
    Welcome to Day 17 of TryHackMe's Advent of Cyber 2024, where we dive into the powerful world of log analysis using Splunk. Join me as we explore how to extract custom fields, create parsers for logs, and use Splunk's Search Processing Language (SPL) to investigate an incident scenario.
    What You'll Learn:
    👾 Extracting Custom Fields in Splunk: Learn how to define and extract custom fields from logs, enhancing the detail and usability of the data you analyze.
    👾 Creating Parsers for Custom Logs: Understand how to build parsers to normalize and interpret log data that isn't in standard formats, making analysis more efficient.
    👾 Using Search Processing Language (SPL): Get hands-on with SPL to filter and narrow down search results, allowing for precise investigation of log data.
    👾 Investigation Techniques in Splunk: Discover methodologies for conducting investigations in Splunk, from initial data gathering to piecing together the narrative of an incident.
    This challenge involves a scenario where we'll use Splunk to investigate logs from an incident, applying the learning objectives to uncover critical insights about the breach.
    Tasks Covered:
    🎯 Setting up custom field extractions in Splunk.
    🎯 Developing a parser for non-standard log formats.
    🎯 Using SPL to refine search queries for incident investigation.
    🎯 Practical steps for log analysis and incident response with Splunk.
    Ideal for security analysts, IT professionals, or anyone interested in mastering log analysis for cybersecurity purposes.
    Join me as we work through Splunk's capabilities and turn raw log data into actionable security intelligence, so you're equipped to handle complex log investigations.
