Cybersecurity Detection Lab: Forwarding Windows Event Logs to Splunk Using Universal Forwarder
- Published: 15 Jun 2021
- In this video, I walk through how to download and install the Splunk Universal Forwarder and forward logs from a Windows Domain Controller to a Splunk Enterprise instance.
___________________________________________
RESOURCES:
• Download Splunk Universal Forwarder: www.splunk.com/en_us/download...
• Building A Cybersecurity Homelab Blog/Documentation: www.cyberwoxacademy.com/post/...
• Splunk Fundamentals 1: www.cyberwoxacademy.com/post/...
• Splunk Core Certified User Blog: www.cyberwoxacademy.com/post/...
• How to Pass the Splunk Core Certified User Video: • How To Pass The Splunk...
______________
JOIN CYBERWOX ACADEMY ON DISCORD!
/ discord
CHECK OUT CYBERWOX ACADEMY'S WEBSITE
www.cyberwoxacademy.com
CHECK OUT CYBERWOX ACADEMY ON RUclips!
/ @cyberwoxacademy
I hope you like this video! Please like, comment(ask me anything, I’m more than happy to help!), and subscribe:
/ daycyberwox
_____________
ABOUT ME
Hey there ~ I’m Day, I work as a Security Engineer. I make videos about cybersecurity, college, internships, certifications, and whatever else is on my mind. Thanks so much for watching :)
_____________
COLLABORATIONS & CONTACT
IG & Twitter: @daycyberwox
Email: day@cyberwoxacademy.com
________________________________________________
My Amazon Shop: www.amazon.com/shop/daycyberwox
________________________________________________
MY DESK COMPONENTS
VIVO Electric Height Adjustable 63 x 32 inch - amzn.to/3G9MuCK
Work Desk - amzn.to/3G7fQS9
Autonomous ErgoChair Pro - www.autonomous.ai/office-chai...
VIOTEK SUW49C 49-Inch Super Ultrawide - tinyurl.com/vtekul49
VIOTEK NB32CB 32-Inch LED - tinyurl.com/vtek32
HyperX QuadCast Microphone - amzn.to/3f03dws
Pop Filter - amzn.to/3t8pv7F
InnoGear Microphone Arm Stand - amzn.to/3t8gvPC
Rii RK901 Wireless Keyboard - amzn.to/3F8dgdB
Multi-Device Bluetooth RGB Keyboard - amzn.to/3JRLNjS
Desk Mat - amzn.to/3q3RinM
Razer Basilisk X Hyperspeed Wireless Gaming Mouse - amzn.to/3F7IbXa
Ergonomic Mouse Pad - amzn.to/3f0syq2
Phone Stand for Desk - amzn.to/3F7IsJG
iPad - 10.9-inch iPad Air Wi-Fi 256GB - Rose Gold
MacBook - 13-inch MacBook Pro - Space Gray, USB-C to USB Adapter
Laptop Dock - amzn.to/3f4TmFQ
Docking Station/USB hub - amzn.to/3zAA9Fg
Straight Monitor Mount - amzn.to/3zzBo7K
Adjustable Monitor Mount - amzn.to/3F8j46T
Sony Alpha a6400 - amzn.to/3F0xshq
Sigma 16mm Lens - amzn.to/337JCYx
Cold Shoe Adapter A6400 - amzn.to/3JRC6BZ
Dummy Battery Pack - amzn.to/3JPXVSu
Light mount - amzn.to/3f4NFaE
Light - amzn.to/3q2c4UF
Elgato Master Mount - amzn.to/3G94TQg
Elgato Flex Arm L - amzn.to/3t9POu2
Elgato 4k Cam Link - amzn.to/3f0EyI7
Amazon Echo Dot - amzn.to/32TruSD
Foot Rest - amzn.to/3F0KCeg
Paper Shredder - amzn.to/3q8hgXm
Kove Commuter 2 Speakers - www.koveaudio.com/products/co...
Govee LED Strips - amzn.to/3zL6auw
________________________________
DISCLAIMER:
This video description has some affiliate links and I may receive a small commission for purchases made through these links. Thank you for your support!
Great video! I’ve been looking for someone to go through the process at a steady pace and you have done an excellent job of that. I will definitely be keeping an eye out for newer videos. Keep it up!
I finally completed this project! 🥳🥳 This was an amazing project to get hands-on with and troubleshoot. Can't wait to play around more later. Thanks Day!
Great video
Thank you wonderful person!
Thanks Man ✌
Awesome video! I've been trying to figure out how this worked
Glad to help!
Do you know anything about Threat Intelligence Analysts by any chance in terms of like a home lab?
Thanks!
You're welcome!
nice bro!
Thanks dude!
Can we use in collect to forward logs to Splunk?
Thanks so much for this. Could you share your steps with me?
Hi there, I installed the Universal Forwarder on Windows and installed the Microsoft TA too. Currently I am able to capture registry logs, but in the logs I receive in the Splunk indexer, the user who did the action is not in the logs. Can you help me, please?
After doing the lab setup, how can we see AD logs like creation of a user or adding to a group in Splunk...
Generate it by performing those attacks 🙂
I didn't find the AD in the Splunk forwarder.
same issue
Mine just took a while before showing up. Also refreshed the web page.
I couldn't connect to the wifi in the Domain Controller. I've done everything you have so far but I have no wifi. Any suggestions?
Same problem. Did you fix it?
@mustafanoorzaiy4447 see the reply
HELP, I can't see the "local event logs" option in my Splunk interface. From 12:45
I had the same issue too. I had to copy the inputs.conf file from C:\Program Files\SplunkUniversalForwarder\etc\system\default and paste it at C:\Program Files\SplunkUniversalForwarder\etc\system\local. Hope that helps.
How are you connected to the wifi in the Domain Controller? I've done everything you have so far but I have no wifi, so I can't install the Universal Forwarder.
Got the same issue. Were you able to fix it?
@charlesbutawan2034 I had the same issue and I missed the part where I was supposed to change the domain VM network adapter to vmnet3.
@charlesbutawan2034 I changed it already but I still get the same issue :/
@charlesbutawan2034 did you fix it?
I managed to fix it. You have to create a firewall rule on your pfSense interface to allow connections from that machine.
1. Go to your pfSense web interface from your Kali machine as shown in previous videos.
2. After logging in, at the top bar, go to "Firewall" and then "Rules" from the dropdown.
3. Select the network where your Domain controller is. In my case it was "Organization Network."
4. Click the "Add" button at the bottom with the arrow pointing downwards.
5. Change these settings: Action -> Pass, Protocol -> Any, Source -> Any, Destination -> Any.
6. Click Save and finally Apply Changes at the top.
That should give internet access to the machines you want.
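Two of the threads above (the missing "local event logs" inputs fixed by copying inputs.conf, and the pfSense pass rule) are the points where this lab usually stalls, so here is an added PowerShell example that is not from the video, the Cyberwox write-up, or Splunk's own documentation. It writes only the Windows Event Log stanzas the forwarder needs into etc\system\local (copying the entire default inputs.conf into local shadows every default stanza and is not required), points the forwarder at one indexer, checks the network path the firewall rule has to allow, and then asks the forwarder what it actually loaded. The indexer address 192.168.3.10, receiving port 9997, index name wineventlog and the default install path are assumptions for a lab; change them to match yours. Note that the rule described in the last comment passes all traffic; the forwarding path itself needs only TCP/9997 from the DC to the indexer (plus outbound HTTPS to fetch the installer), and the Test-NetConnection call below confirms exactly that destination and port.

```powershell
# Added example (not from the video or Splunk's docs): configure a Windows
# Universal Forwarder to ship Security/System/Application event logs to one
# Splunk Enterprise indexer, then verify the path end to end.
# Assumed lab values (hypothetical): indexer 192.168.3.10, receiving port
# 9997, index "wineventlog", default UF install directory.
$SplunkHome  = 'C:\Program Files\SplunkUniversalForwarder'
$Indexer     = '192.168.3.10'
$ReceivePort = 9997
$Index       = 'wineventlog'
$LocalDir    = Join-Path $SplunkHome 'etc\system\local'

if (-not (Test-Path $LocalDir)) {
    New-Item -ItemType Directory -Path $LocalDir | Out-Null
}

# inputs.conf: just the three event log channels, enabled, routed to our
# index. start_from/current_only make the first run backfill existing
# events instead of only tailing new ones.
$inputs = @"
[WinEventLog://Security]
disabled = 0
index = $Index
start_from = oldest
current_only = 0

[WinEventLog://System]
disabled = 0
index = $Index

[WinEventLog://Application]
disabled = 0
index = $Index
"@
Set-Content -Path (Join-Path $LocalDir 'inputs.conf') -Value $inputs -Encoding ASCII

# outputs.conf: a single tcpout group pointing at the indexer's
# receiving port (the indexer must have receiving enabled on it).
$outputs = @"
[tcpout]
defaultGroup = lab_indexers

[tcpout:lab_indexers]
server = ${Indexer}:${ReceivePort}
"@
Set-Content -Path (Join-Path $LocalDir 'outputs.conf') -Value $outputs -Encoding ASCII

# Check the firewall path before restarting. If pfSense is still blocking
# the DC's segment, TcpTestSucceeded comes back False here, which is a
# clearer signal than an empty index in Splunk Web.
$conn = Test-NetConnection -ComputerName $Indexer -Port $ReceivePort
if (-not $conn.TcpTestSucceeded) {
    Write-Warning "Indexer $Indexer not reachable on TCP $ReceivePort. Check the pfSense rule for this segment and that receiving is enabled on the indexer."
}

# Pick up the new configuration.
Restart-Service -Name SplunkForwarder

# Verify what the forwarder actually loaded and whether it is connected.
# btool needs no login; 'list forward-server' prompts for the UF admin
# credentials set during installation.
$splunk = Join-Path $SplunkHome 'bin\splunk.exe'
& $splunk btool inputs list 'WinEventLog://Security' --debug
& $splunk list forward-server
```

Run it in an elevated PowerShell on the Domain Controller after the Universal Forwarder is installed. If `list forward-server` shows the indexer under "Configured but inactive forwards", the usual causes are the firewall path (the warning above) or receiving not being enabled on the Splunk Enterprise side, which `splunk enable listen 9997` on the indexer turns on. Once events arrive, `index=wineventlog source="WinEventLog:Security"` in Splunk Web should return the DC's Security log, including the 4720/4728-style user and group change events the comments above were looking for.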