Hey I’m know I’m late to the party😂😂😂 But great video. I’m 40 year old army veteran who’s been trucks for the last 9 years and by far this has been the easiest tutorial to follow. Thank you.
I'm glad that you enjoyed the video and thank you for the feedback! My goal is always to make videos that are easy to follow because otherwise they are worthless.
@@MotionMasterMike Yes I got my first job last August. The interview went well it was more like a conversation rather than an interview. They only asked me two very simple technical questions. It’s been a full month now at this job.
Simple and clear explanations - A non techie such as myself could easily understand - Glad I got redirected to this channel - I am now a subscriber - Thanks for your work and time. 🙏
@ 6:03 Mouse over "EventCode" and without clicking, simply move the mouse over the "=1102" and it will highlight both (you actually managed to do this before clicking), then you can add the entire section to your search. Thank you for this video! I'd love to see a series of progressively complex tutorials for this.
@@henryijeoma Splunk can be a useful thing to know but keep in mind that there's a lot to learn at the entry level before I recommend diving into a tool like Splunk. Unfortunately Splunk restricts a lot of features without a paid plan but there are also lots of alternatives out there if you just want to learn a SIEM tool.
Software/applications are generally very similar when comparing locally hosted (i.e., on-premise) and cloud-based. That said, if you want to guarantee the exact same results as in this video, I recommend following the steps I have provided.
This is a great guide for starting out. Im having issues translating it to using multiple files as sources for the search. I am learning all this from scratch which this tutorial helped a lot with but when it comes to files I have been given to search for specific things such as looking to see if a login was suspicious it from 4 different files it only seems to want to pull the source from 1 file not all of the files I thought I had entered into splunk.
Thanks Job for such informative share. At the end of the video you asked about to share the important events or logs that need to be monitored. Please share your list :)
Hi John, I love the way you teach us. I have 2 questions to get an answer from you. 1.) I am also trying to learn Splunk since I am not doing any IT job now.(I was in IT Network security before for 1.5 years and we used Fortinet SIEM which is little difficult to customize).My question is, Splunk needs a business account email to download or register which I don't have. What can I do at this stage to try Splunk? 2.) What is the other alternative SIEM tool apart from Splunk that you can recommend to learn?
You can get a trial of Splunk without a business email. Wazuh is another popular option that you can try. Ultimately, it's about learning a tool in the SIEM category, and not necessarily about the specific tool.
Just came across this video, very informative. Q. However when I opened my Splunk I don’t see the create table view as you have in the video, is their way to fix that and have back on it to be able to create a table view? Thank you.
I'm glad that you enjoyed the video! Since I can't see your screen, it's difficult to troubleshoot the issue, but make sure you are doing everything the exact same as I do in the video, including the operating system, if you want the same results. Also remember that GUIs do change over time but Splunk has a tremendous amount of resources available on their website for reference.
@@JonGoodCyber I feel like I AM is really close to my first IT job and my IAM role is quite ambiguous cause I'm first a developer than slipped into IAM then want to move to SOC. Some point I can put cybersecurity and my coding skills together
I always recommend beginning with my Getting Started page ( jongood.com/getstarted/ ) and grabbing my free eBook, which includes a lot of helpful information. Additionally, my channel is full of helpful information that would be impossible to summarize in a single comment, so you just need to start working through the videos!
I recommend following the video steps exactly including the operating system. I recently retested this for somebody and confirmed that it is still accurate, if followed as provided.
What’s the best niche to learn in 2023? I’m turning 40 have had my own landscape business for 20 years but looking to change paths this fall so I want to start learning. I graduated in 2020 with my associates in businesss and software development. Coding was challenging for me and during Covid it was hard to find a job bad timing
For which area? Since my content is primarily around Cyber Security I'm assuming that's the area you're asking about. Specifically cloud and GRC are two of the biggest emerging areas but they aren't to be learned in a silo and you still need foundational knowledge that can be found in my eBook's roadmap ( jongood.com/getstarted/ ).
@@JonGoodCyber ty very much for the response! I'm looking at GRC and trying to narrow down a good niche to learn in that field that could allow me to find a good enrty level job soon. Trying to figure out what to focus on as to not waste any more time and get busy learning. I been watching all sorts of videos lately on here lately and maybe thats confising me more.
Things shouldn't take an unreasonably long amount of time assuming there isn't a massive amount of information to ingest. Remember that the amount of resources available to the system will impact how Splunk performs.
Question: around 4:50 you were saying how the wildcard search was looking for local events only - since your on a VM is it possible for events in the Host Machine to be detected as well?
By default Splunk will not ingest logs from a remote source/system. If you want to bring logs in from a remote system, you need to configure the Splunk Forwarder on that system but that is outside the scope of this video.
i'm just getting a 404 error when trying to create an local event log collection. Anybody else see this? I get a pop up saying changes were saved, then it stays on the selection screen. If I back out and view the collections list there are still 0 inputs.
I would try restarting the system as a first step, but you might also find some useful fixes in the Splunk community forums if nobody else has seen this issue here.
here is some of the event that should be monitored, in my perspective the even clear log, might be one of the must important due to hackers 'cleanup' is to delete the event that have occured during there time on the machine. Pass the Hash Detection Remote Desktop Logon Detection External Media Detection Application Allow listing Application Crashes System or Service Failures Windows Update Errors Windows Firewall Clearing Event Logs Software and Service Installation Account Usage Kernel Driver Signing Group Policy Errors Windows Defender Activities is there a way to save all of the event that showes up on Splunk? or is it only live action, and if cleared it, gone?
There's absolutely a ton of stuff that you can monitor and the list grows all the time. You can save the queries into dashboards, tables, etc. or of course you can save the query text and copy/paste it when you need to perform a search. Splunk indexes information but the more that it processes, the more that Splunk will charge you.
Different operating systems function and collect logs differently. If you want to match things exactly as in this video, you need to use the same configuration described (Windows Server 2022). Microsoft has trial downloads of the operating system that you can use for free, however the setup of the operating system is outside the scope of this video.
I'm not sure where that came from but that is incorrect. Of course, you're only going to get the trial version though so you will be limited in what you can do.
I recommend checking the Splunk website for operating system compatibility. That said, you're likely going to run into differences when installing/configuring everything.
Hello, I have a question and hopefully you will answer it. So, I'm working as Quality Assurance in Splunk reseller company. I get confused about my job description and have no idea what I have to do. I hope you can give me some example what QA's can do for
I'm not sure what kind of tasks that you have for Quality Assurance as I work in Cyber Security but Splunk at its core is a database tool that you can use to make sense of data. You might try looking at available apps within Splunk or reaching out to Splunk directly.
Thanks for sharing! Certainly those are several important events centered around user accounts. What about events regarding groups? Firewall changes? Processes starting/stopping? Logs being full? What are some of the event IDs associated to these types of events? There's even more than those that I would consider standard events that need to be monitored.
I recommend reviewing the system requirements from Splunk ( docs.splunk.com/Documentation/Splunk/9.1.0/Installation/SystemRequirements ). I don't typically recommend server software being installed on a client operating system even if it is supported. You're much better off creating a virtual machine with a server OS and practicing that way.
I have upcoming interview scheduled this week. Can you share basic interview questions that can be asked in splunk Siem tool for security analyst position (2+year)
@@ishwaryanarayan1010 I have several videos on the channel for interview preparation and this Splunk tutorial that you should watch. Also, make sure to let me know how the interview goes and to help other people in a similar situation!
@@JonGoodCyber Interview was good . First technical round I was nervous didn’t do as expected even for known scenarios and second round I did well . Questions asked: 2 rounds of technical Questions More on scenario based questions like attacks (phishing , malicious outbound traffic, infected hostmachine etc) and how I would approach,previous experience in handling realtime incidents,insider threat(data leakage) , threat hunting and technical questions , how I would convey technical details to non technical audience, my experience in siem tool ( log analysis etc) , splunk dashboard creation, log search queries based on scenario, diff between encryption and hashing. Still waiting for round2 results 🙏will update here regarding results and next steps
So, are you saying that I can only learn splunk and have no other skills and get a job ? Which splunk specialization/s do you think are the best to get a remote job. I live on a small island. Where online can people practice and help with splunk. To learn and get experience to put on a resume.
I never said that nor would I say that as that statement will lead you to disappointment. Frequently areas like IT, Security Operations Centers or even business analytics teams will have people responsible for managing Splunk itself but unless you have a development background or a background in that particular area, you aren't going to be very valuable/competitive. Splunk has a ton of documentation on their website so that is a good place to start practicing various exercises.
@@JonGoodCyber okay, i did a lot of coding, but im not good at coding. I'm doing a Qualys VMDR course now, I'm half confused, so I was looking to see if I should try splunk after.
So I just recently downloaded Splunk and I went where it says local inputs like you said but no where does it have “local even log collection” anywhere.
I recommend going back through and repeating the steps exactly as provided. I just redid the steps to verify that nothing has changed and although the user interface has changed slightly, the labels and everything are still exactly the same as this video.
Well I cannot guarantee that it'll be the same on Mac because as stated this installation was on a Windows system and Windows has different logs than MacOS. I recommend checking out the installation guide for MacOS ( docs.splunk.com/Documentation/Splunk/9.1.0/Installation/InstallonMacOS ) if you're set on running it that way. Otherwise you might consider trying the installation on Linux or Windows as it's not as likely that you're going to see Splunk installed on a Mac in the real world, at least not for the management console.
Please I’ll be glad I I have some one to mentor i started on my own but its not easy in some parts I’m short of funds too I’ll be really happy if someone helps to get along with me 🙏🏻🙏🏻 once more I appreciate your good work sir
question no schools teach splunk? you have to find/take online courses!! so in the real world, wouldn't the employer teach you how to really use it for their purpose? and do they understand that no REAL SCHOOLS/UNIVERSITIES TEACH THIS?
Regardless of the training option, they all have limited time, and even the quality options aren't going to be able to teach you everything you'll ever need. Cyber Security is very much a career field where you need to get good at not only learning from training programs, but also from self learning if you want to be successful. I'm not sure what you mean by a "real" school/university, but just because something isn't taught in a program, doesn't mean you can avoid learning it if it's a requirement of a job. The people that are highly successful in this career field take ownership of their journey and find a way to learn what they need. As shown in this video, there's trial versions of many common commercial products that you can experiment with as well as comparable open source options, like Wazuh in this case, that will at least teach you how the category/type of tool works.
@@JonGoodCyber I agree with you! most folks know that cisco bought splunk and will be administering it soon! don't think ccna's ccnp's aren't jumping the online learning track.
@@bulcub Administering and using are certainly two different levels of knowledge, but when people are actually in a role, much of the learning comes out of necessity. Change takes time, but it's also not guaranteed that everybody running a Cisco shop will switch to Splunk.
I'm certainly not "sort of yelling" but unlike a lot of other creators, I have a high-quality microphone and record at an appropiate volume level for all speakers.
Although I don't know your exact scenario, anything in the private IP space should work it sounds like: -10.0.0.0 to 10.255.255.255 -172.16.0.0 to 172.31.255.255 -192.168.0.0 to 192.168.255.255
@@JonGoodCyber I'm a newbie,was doing my CompTia pentest,but couldn't really replicate the tools output (eg nmap port scans )because he was using a server to hack which showed a network rather then just my 1 router.
While I appreciate the work you put into these videos, if I have to register and give them a lead to learn their software (and possibly advocate for it in jobs), no thanks.
Basically all commercial tools are going to force you into their system but you certainly have the choice whether or not to do so. I'm just providing training on a high-demand tool and don't benefit either way.
Why do you think that? Sticking to extremes like just open source or just closed source...is a dangerous strategy. You can find more information about Splunk's views on open source here: www.splunk.com/en_us/blog/learn/splunk-open-source.html#:~:text=Though%20Splunk's%20core%20products%20are,it%20came%20to%20data%20platforms.
Yes but MR you need to spend to buy you need and live so according to what you say, no one need to spend and save save save so are you going to ware and eat money lol
My professional background speaks for itself thanks. Anyways despite the fact that it sounds like you're a Linux purist, any "real IT or cyber" person knows that you use the appropiate tool to fit a the situation and to not try to force a solution. Reviewing Windows logs is a good place to start as a large majority of systems being monitored are running the Windows operating system.
only video on Splunk worth listening to. Much better then Splunk's own videos about ... t-shirts.
I'm glad that you enjoyed the video and thank you for the feedback!
Yup, I completely agree, especially about being much better than Splunk’s own videos!
lol right
Hey I’m know I’m late to the party😂😂😂 But great video. I’m 40 year old army veteran who’s been trucks for the last 9 years and by far this has been the easiest tutorial to follow. Thank you.
I'm glad that you enjoyed the video and thank you for the feedback! My goal is always to make videos that are easy to follow because otherwise they are worthless.
The best video out there that actually helps you understand what Splunk is and how to use it!
Excellent and thank you for sharing! These are the kinds of comments I love to see.
Appreciate you doing more of these lab tutorials in different tools, it helps a lot! Thanks.
Glad you like them!
Thank you so much....i love the simple analysis and explanation...You saved me a great deal of trouble. Respect bro.
I'm happy to hear that you found it helpful!
Learned this in a bootcamp in 2021 and your video refreshed my memory. Thank you so much!
Glad it helped!
Did you get a job since graduating and if you did, how did you pass the interviewing process without being denied?
@@MotionMasterMike Yes I got my first job last August. The interview went well it was more like a conversation rather than an interview. They only asked me two very simple technical questions. It’s been a full month now at this job.
@@miloboy55bro i heard that there is a huge demand for the people who r very good at splunk...is it true?
@@nahidsarker69 Definitely. There are positions that hire specifically if you have Splunk knowledge. They pay extremely well.
Simple and clear explanations - A non techie such as myself could easily understand - Glad I got redirected to this channel - I am now a subscriber - Thanks for your work and time. 🙏
Welcome and I'm glad that you like the content!
Thank you, I’ve been trying to find an easy video to learn about and configure splunk.
Glad it was helpful!
@ 6:03 Mouse over "EventCode" and without clicking, simply move the mouse over the "=1102" and it will highlight both (you actually managed to do this before clicking), then you can add the entire section to your search. Thank you for this video! I'd love to see a series of progressively complex tutorials for this.
would you advice entry level cyber analysts to learn splunk?
Yep thanks for sharing Bradley! Either way works I just happened to not click the actual event ID.
@@henryijeoma Splunk can be a useful thing to know but keep in mind that there's a lot to learn at the entry level before I recommend diving into a tool like Splunk. Unfortunately Splunk restricts a lot of features without a paid plan but there are also lots of alternatives out there if you just want to learn a SIEM tool.
Thanks Jon, love the format and content. Greatly appreciated.
Glad you enjoy it!
Literally amazing and preety much simpler than anyone else. Thanks
Glad it helped and you are welcome!
Thank you! Best tutorial style, perfect. Please make more stuff exactly like this.
Thanks for the feedback and I'm glad that you enjoyed the video!
Does all this work on splunk cloud.....then explain its setup...🙂
Software/applications are generally very similar when comparing locally hosted (i.e., on-premise) and cloud-based. That said, if you want to guarantee the exact same results as in this video, I recommend following the steps I have provided.
Thanks for explaining it in a simple way with a demo
You're welcome and I'm glad that you found it helpful!
Great, so many videos do not show how to import the data...the step before submitting queries. Thank you from this beginner.
Glad it was helpful!
simple but yet informative
Thanks! Glad you found it helpful.
Jon...first time here...I dig your style!! You have a new subscriber!! Ok...back to the vids
Awesome! Thank you and glad to have you here!
Great video! I’m catching this late, but it was very helpful!
Glad it was helpful!
Great information, thank you so much! I needed this SIEM solution to install and configure for a client.
I'm glad that you found the content helpful...you're welcome and thank you for sharing!
This video is totally worth it. Great work
Glad you think so, and thank you for the support!
This is a great guide for starting out. Im having issues translating it to using multiple files as sources for the search. I am learning all this from scratch which this tutorial helped a lot with but when it comes to files I have been given to search for specific things such as looking to see if a login was suspicious it from 4 different files it only seems to want to pull the source from 1 file not all of the files I thought I had entered into splunk.
Glad it was helpful! Splunk can certainly get complex the deeper that you go.
Thanks Job for such informative share. At the end of the video you asked about to share the important events or logs that need to be monitored. Please share your list :)
I'm glad that you enjoyed the content! The question is a challenge for YOU to research and answer, not something directed at myself.
Hi John, I love the way you teach us. I have 2 questions to get an answer from you. 1.) I am also trying to learn Splunk since I am not doing any IT job now.(I was in IT Network security before for 1.5 years and we used Fortinet SIEM which is little difficult to customize).My question is, Splunk needs a business account email to download or register which I don't have. What can I do at this stage to try Splunk? 2.) What is the other alternative SIEM tool apart from Splunk that you can recommend to learn?
You can get a trial of Splunk without a business email. Wazuh is another popular option that you can try. Ultimately, it's about learning a tool in the SIEM category, and not necessarily about the specific tool.
Best Splunk tutorial out there. Others are just about a lot of things
Thank you and I'm glad that you enjoyed it!
Thank you I’m 🆕 your teaching skills are impactful 📈
Glad you think so!
Just came across this video, very informative.
Q. However when I opened my Splunk I don’t see the create table view as you have in the video, is their way to fix that and have back on it to be able to create a table view? Thank you.
I'm glad that you enjoyed the video! Since I can't see your screen, it's difficult to troubleshoot the issue, but make sure you are doing everything the exact same as I do in the video, including the operating system, if you want the same results. Also remember that GUIs do change over time but Splunk has a tremendous amount of resources available on their website for reference.
@@JonGoodCyber Thank you
This is great! i appreciate it , you have been super helpful!!
Glad it was helpful!
Gracias por el contenido de hecho estoy preparándome para tomar una certificación de splunk y este es un gran inicio. Saludos desde Mexico
I'm glad that you enjoyed it!
Thanks so much! thinking about transferring from an IAM role to SOC :)
I'm glad that you enjoyed it! That's great...what's driving the switch?
@@JonGoodCyber I feel like I AM is really close to my first IT job and my IAM role is quite ambiguous cause I'm first a developer than slipped into IAM then want to move to SOC. Some point I can put cybersecurity and my coding skills together
@@masterchief5437 awesome stuff! I also recommend looking into DevSecOps and Application Security as those are also roles related to your background.
@@JonGoodCyber thanks for the advice!
Good morning. I'm preparing for an internship i don't have a industrial space yet. any help is really appreciated.
I always recommend beginning with my Getting Started page ( jongood.com/getstarted/ ) and grabbing my free eBook, which includes a lot of helpful information. Additionally, my channel is full of helpful information that would be impossible to summarize in a single comment, so you just need to start working through the videos!
hi!great vid, but my "spl" wasn't letting me add to it.
I’m glad you enjoyed it! What do you mean?
I think he means when you make a new template , there's an "spl" part ,his was possibly not enabled to input the code , copied from earlier.
That's what happened to me !
I don't have the "Local event log collection" under setting
I recommend following the video steps exactly including the operating system. I recently retested this for somebody and confirmed that it is still accurate, if followed as provided.
Account lockouts on domain domain controllers !
That is definitely something to monitor!
Thanks for giving such wonderful real time experience
Thank s alot
Put more vidoes on splunk
Thank u jhon
I'm glad that you enjoyed the video!
What’s the best niche to learn in 2023? I’m turning 40 have had my own landscape business for 20 years but looking to change paths this fall so I want to start learning. I graduated in 2020 with my associates in businesss and software development. Coding was challenging for me and during Covid it was hard to find a job bad timing
For which area? Since my content is primarily around Cyber Security I'm assuming that's the area you're asking about. Specifically cloud and GRC are two of the biggest emerging areas but they aren't to be learned in a silo and you still need foundational knowledge that can be found in my eBook's roadmap ( jongood.com/getstarted/ ).
@@JonGoodCyber ty very much for the response! I'm looking at GRC and trying to narrow down a good niche to learn in that field that could allow me to find a good enrty level job soon. Trying to figure out what to focus on as to not waste any more time and get busy learning. I been watching all sorts of videos lately on here lately and maybe thats confising me more.
I can't speak for other creators but the resources are there in my content for you to follow if you're willing to put in the work.
I wasn't sure where I can find Splunk login portal. Thank you. I am in Splunk dashboard.
I'm glad that the content was helpful!
I appreciate you sharing your knowledge.
My pleasure!
Thanks for making things so easy to understand
Glad you think so and you're welcome!
Very nice and crisp , thanks lot
I'm glad that you enjoyed the video!
I am in "local host and after choose applications security and system and click save, it taka a lil long to finish it this is normal?
Things shouldn't take an unreasonably long amount of time assuming there isn't a massive amount of information to ingest. Remember that the amount of resources available to the system will impact how Splunk performs.
Nice video. Very informative ❤
Glad it was helpful!
Simple and well explained. Thx
Glad it was helpful!
this helped me a lot :) thanks
Glad it helped and you are welcome!
This ought to be easy considering I have been doing this stuff with scripts I have been writing for years.
I hope the content helps you!
Question: around 4:50 you were saying how the wildcard search was looking for local events only - since your on a VM is it possible for events in the Host Machine to be detected as well?
By default Splunk will not ingest logs from a remote source/system. If you want to bring logs in from a remote system, you need to configure the Splunk Forwarder on that system but that is outside the scope of this video.
i'm just getting a 404 error when trying to create an local event log collection. Anybody else see this? I get a pop up saying changes were saved, then it stays on the selection screen. If I back out and view the collections list there are still 0 inputs.
I would try restarting the system as a first step, but you might also find some useful fixes in the Splunk community forums if nobody else has seen this issue here.
here is some of the event that should be monitored, in my perspective the even clear log, might be one of the must important due to hackers 'cleanup' is to delete the event that have occured during there time on the machine.
Pass the Hash Detection Remote Desktop Logon Detection
External Media Detection
Application Allow listing
Application Crashes
System or Service Failures
Windows Update Errors
Windows Firewall
Clearing Event Logs
Software and Service Installation
Account Usage Kernel Driver Signing
Group Policy Errors
Windows Defender Activities
is there a way to save all of the event that showes up on Splunk? or is it only live action, and if cleared it, gone?
There's absolutely a ton of stuff that you can monitor and the list grows all the time. You can save the queries into dashboards, tables, etc. or of course you can save the query text and copy/paste it when you need to perform a search. Splunk indexes information but the more that it processes, the more that Splunk will charge you.
@4:05 - Local event log collection is not showing on my Mac. Anyone know why?
Different operating systems function and collect logs differently. If you want to match things exactly as in this video, you need to use the same configuration described (Windows Server 2022). Microsoft has trial downloads of the operating system that you can use for free, however the setup of the operating system is outside the scope of this video.
I'm using windows server 2022, but this local event log collection is not showing. What should I do
I want to get into cybersecurity too.
Excellent! I recommend grabbing my free eBook ( jongood.com/getstarted/ ) to get started.
You can only download this only if you work for a company right? i wanted to get into splunk to learn it as a skill, so i can look for a job .
I'm not sure where that came from but that is incorrect. Of course, you're only going to get the trial version though so you will be limited in what you can do.
Can I install on Mac?
I recommend checking the Splunk website for operating system compatibility. That said, you're likely going to run into differences when installing/configuring everything.
Hello, I have a question and hopefully you will answer it. So, I'm working as Quality Assurance in Splunk reseller company. I get confused about my job description and have no idea what I have to do. I hope you can give me some example what QA's can do for
I'm not sure what kind of tasks that you have for Quality Assurance as I work in Cyber Security but Splunk at its core is a database tool that you can use to make sense of data. You might try looking at available apps within Splunk or reaching out to Splunk directly.
@@JonGoodCyber Thank you so much for your kindly responses.
Importat Events to monitor is 4624,4625,1102,4634,4720,4722,4725,4740,4767
Thanks for sharing! Certainly those are several important events centered around user accounts. What about events regarding groups? Firewall changes? Processes starting/stopping? Logs being full? What are some of the event IDs associated to these types of events?
There's even more than those that I would consider standard events that need to be monitored.
This is really good. Thanks man!
I'm glad that you enjoyed it!
Do I need windows 10/11 pro to do this project? Or can I just use windows 10/11 free or home?
I recommend reviewing the system requirements from Splunk ( docs.splunk.com/Documentation/Splunk/9.1.0/Installation/SystemRequirements ). I don't typically recommend server software being installed on a client operating system even if it is supported. You're much better off creating a virtual machine with a server OS and practicing that way.
Very informative 👍
Glad it was helpful!
I have upcoming interview scheduled this week. Can you share basic interview questions that can be asked in splunk Siem tool for security analyst position (2+year)
@@ishwaryanarayan1010 I have several videos on the channel for interview preparation and this Splunk tutorial that you should watch. Also, make sure to let me know how the interview goes and to help other people in a similar situation!
@@JonGoodCyber sure will share:)
@@JonGoodCyber Interview was good . First technical round I was nervous didn’t do as expected even for known scenarios and second round I did well . Questions asked: 2 rounds of technical Questions
More on scenario based questions like attacks (phishing , malicious outbound traffic, infected hostmachine etc) and how I would approach,previous experience in handling realtime incidents,insider threat(data leakage) , threat hunting and technical questions , how I would convey technical details to non technical audience, my experience in siem tool ( log analysis etc) , splunk dashboard creation, log search queries based on scenario, diff between encryption and hashing. Still waiting for round2 results 🙏will update here regarding results and next steps
Thank you. I was able to follow...very good video!
Glad it helped!
Breach and or log in errors
Those are absolutely two great things to monitor! I think breaches are fairly self explanatory but why might be looking for errors be useful?
useful 👍
Glad you think so!
Great video
Glad you enjoyed it!
@@JonGoodCyber I did. My company's security team just deployed it. I'm on the engineering side and want to get familiar with it.
So, are you saying that I can only learn splunk and have no other skills and get a job ? Which splunk specialization/s do you think are the best to get a remote job. I live on a small island.
Where online can people practice and help with splunk. To learn and get experience to put on a resume.
I never said that nor would I say that as that statement will lead you to disappointment. Frequently areas like IT, Security Operations Centers or even business analytics teams will have people responsible for managing Splunk itself but unless you have a development background or a background in that particular area, you aren't going to be very valuable/competitive. Splunk has a ton of documentation on their website so that is a good place to start practicing various exercises.
@@JonGoodCyber okay, i did a lot of coding, but im not good at coding. I'm doing a Qualys VMDR course now, I'm half confused, so I was looking to see if I should try splunk after.
Hello, thank you sir,but we are absolutely in desperate need of more goodies about on Splunk like this.
Thank you for the request...I always let people vote with their views as that's the best way to see which content that people enjoy!
@@JonGoodCyber in that case, 10 votes for Splunk
muy bueno el video explica lo esencial :)
I'm glad that you enjoyed it!
simply great presentation
Glad you liked it!
thank you! splunk is so important
You're welcome! Remember that Splunk isn't the only tool that does this stuff so try to learn a few if possible.
So I just recently downloaded Splunk and I went where it says local inputs like you said but no where does it have “local even log collection” anywhere.
I recommend going back through and repeating the steps exactly as provided. I just redid the steps to verify that nothing has changed and although the user interface has changed slightly, the labels and everything are still exactly the same as this video.
@@JonGoodCyber okay I’ll redo it right now
@@JonGoodCyberdo you by any chance think it’s because I have splunk on Mac book ?
Well I cannot guarantee that it'll be the same on Mac because as stated this installation was on a Windows system and Windows has different logs than MacOS. I recommend checking out the installation guide for MacOS ( docs.splunk.com/Documentation/Splunk/9.1.0/Installation/InstallonMacOS ) if you're set on running it that way. Otherwise you might consider trying the installation on Linux or Windows as it's not as likely that you're going to see Splunk installed on a Mac in the real world, at least not for the management console.
@@JonGoodCyber okay thanks the reason I use it on a Mac device because that’s all I have. But thanks for responding and helping me !!! 🙏🏼
Nice
Any Soc analyst here?
I'm glad that you enjoyed it! I'm sure there are definitely SOC Analysts here.
Please I’ll be glad I I have some one to mentor i started on my own but its not easy in some parts I’m short of funds too I’ll be really happy if someone helps to get along with me 🙏🏻🙏🏻 once more I appreciate your good work sir
Great video....I like the cut of its jibb:)
I'm glad that you enjoyed the video!
helpful vid. thank you.
I'm glad that you enjoyed it!
Thanks 😊
You're welcome!
question no schools teach splunk? you have to find/take online courses!! so in the real world, wouldn't the employer teach you how to really use it for their purpose? and do they understand that no REAL SCHOOLS/UNIVERSITIES TEACH THIS?
Regardless of the training option, they all have limited time, and even the quality options aren't going to be able to teach you everything you'll ever need. Cyber Security is very much a career field where you need to get good at not only learning from training programs, but also from self learning if you want to be successful. I'm not sure what you mean by a "real" school/university, but just because something isn't taught in a program, doesn't mean you can avoid learning it if it's a requirement of a job. The people that are highly successful in this career field take ownership of their journey and find a way to learn what they need. As shown in this video, there's trial versions of many common commercial products that you can experiment with as well as comparable open source options, like Wazuh in this case, that will at least teach you how the category/type of tool works.
@@JonGoodCyber I agree with you! most folks know that cisco bought splunk and will be administering it soon! don't think ccna's ccnp's aren't jumping the online learning track.
@@bulcub Administering and using are certainly two different levels of knowledge, but when people are actually in a role, much of the learning comes out of necessity. Change takes time, but it's also not guaranteed that everybody running a Cisco shop will switch to Splunk.
I did a course on Cyber Security how to find jobs in this field
Thanks for sharing!
When you are showing your self on camera and sort of yelling, I swear my brain hears "Project Farm's" voice.
I'm certainly not "sort of yelling" but unlike a lot of other creators, I have a high-quality microphone and record at an appropiate volume level for all speakers.
VERY- INTERESTING.
I'm glad that you enjoyed it.
Jon is very good
Thank you for watching!
I needed this video, thank you
You're so welcome!
Can anyone give me a dummy network IP address? I need to use it for a lab.
Although I don't know your exact scenario, anything in the private IP space should work it sounds like:
-10.0.0.0 to 10.255.255.255
-172.16.0.0 to 172.31.255.255
-192.168.0.0 to 192.168.255.255
@@JonGoodCyber I'm a newbie,was doing my CompTia pentest,but couldn't really replicate the tools output (eg nmap port scans )because he was using a server to hack which showed a network rather then just my 1 router.
While I appreciate the work you put into these videos, if I have to register and give them a lead to learn their software (and possibly advocate for it in jobs), no thanks.
Basically all commercial tools are going to force you into their system but you certainly have the choice whether or not to do so. I'm just providing training on a high-demand tool and don't benefit either way.
Potential hidden malware within the system which you can identify through unusual system logs?...I guess
You're on the right track...what are some indicators that we might look for or to determine what's "unusual?"
@@JonGoodCyber what was the answer ?
@@jonasbaine3538 What do you think the answer is? This is a question for people to answer so we can discuss it, not a question for me.
is splunk open source? if not, it is not suitable for security at all.
Why do you think that? Sticking to extremes like just open source or just closed source...is a dangerous strategy. You can find more information about Splunk's views on open source here: www.splunk.com/en_us/blog/learn/splunk-open-source.html#:~:text=Though%20Splunk's%20core%20products%20are,it%20came%20to%20data%20platforms.
Yes but MR you need to spend to buy you need and live so according to what you say, no one need to spend and save save save so are you going to ware and eat money lol
I don't understand your comment.
You might want to sto shouting in your video intros
Thanks for watching! I wasn't shouting but I do use a volume that works for all speakers. Also, this video is over 1 year old.
Splunk on Windows LMFAO as soon as you say "splunk on windows" You lose all credability as a real IT or Cyber guy....
My professional background speaks for itself thanks. Anyways despite the fact that it sounds like you're a Linux purist, any "real IT or cyber" person knows that you use the appropiate tool to fit a the situation and to not try to force a solution. Reviewing Windows logs is a good place to start as a large majority of systems being monitored are running the Windows operating system.
I'm glad that you enjoyed the content!