    SOC Cybersecurity Threat Hunting With Splunk

    Posted By: ELK1nG
    Published 4/2024
    MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
    Language: English | Size: 5.40 GB | Duration: 2h 34m

    Threat Hunting with Splunk SIEM for Cybersecurity Analysis and SOC Analysts

    What you'll learn

    Threat Hunting with Splunk Knowledge

    APT Analysis

    Integrating Different Software with Splunk

    Find 0-Day Cyber Threats with Data Science and Splunk

    Requirements

    Basic Knowledge of Network and Cybersecurity

    Basic Knowledge of Splunk Search Processing Language (SPL)

    Description

    The SOC Cybersecurity Threat Hunting with Splunk training course was developed and edited by Mohammad Mirasadollahi in an online format. It consists of 68 instructional videos on Splunk together with practical course files, and covers threat hunting with Splunk from beginner to advanced level, following current cybersecurity training topics. It is published as a practical course on Udemy under the title "SOC Cybersecurity Threat Hunting with Splunk."

    With this course you will be able to identify cyber attacks using Splunk in any SOC. Threat hunting with Splunk is one of the skills organizations most often look for in information security.

    The complexity of attacks in recent years has made traditional methods ineffective at detecting advanced attacks and APT groups. Relying solely on preventive controls such as firewalls, antivirus software and EDR is no longer sufficient; organizations need analysts who specialize in threat detection. Today, analysts in Security Operations Centers (SOCs) detect attacks by analyzing and dissecting the events received from different infrastructure and software, relying on their knowledge and their tools.

    Continuous log analysis requires aggregating logs in a central system, a SIEM (Security Information and Event Management), whose search and correlation capabilities are what make threats detectable. The SIEM is often called the beating heart of the SOC, and Splunk is one of the most widely used SIEMs. Splunk stores, searches, investigates and analyzes machine data; analysts use Splunk Enterprise to examine data, identify patterns, and establish logical connections between events to detect complex attacks.

    Many organizations are therefore migrating from traditional methods to modern, data-driven detection. Because of the importance of log and event analysis and the popularity of Splunk, this course covers techniques for threat hunting, investigation, analysis and detection of cyber attacks using Splunk.

    Overview

    Section 1: Introduction - Welcome

    Lecture 1 Introduction - Welcome

    Section 2: Threat Hunting Lab Setup with Splunk

    Lecture 2 Splunk installation from scratch

    Lecture 3 Splunk Bulk Apps and Add-ons Installation

    Lecture 4 Splunk Boss of The SOC (BOTS) Installation

    Lecture 5 Import Lab Attack Data into Splunk

    Section 3: Base Knowledge for Splunk and Threat Hunting

    Lecture 6 What is Splunk

    Lecture 7 What is an Indicator of Compromise (IoC)

    Lecture 8 Cyber Kill Chain and MITRE ATT&CK

    Section 4: Basic Attacks Hunting with Splunk

    Lecture 9 Large Web Upload Hunting

    Lecture 10 Hunting with Top and Rare Commands

    Lecture 11 Network Connections Hunting with Splunk

    Lecture 12 Basic Scanning Detection with Splunk

    Lecture 13 Brute Force Attack Detection with Splunk

    Section 5: Windows Attacks Detection with Splunk

    Lecture 14 Windows Process Analysis

    Lecture 15 Basic Malicious Process Hunting with Splunk

    Lecture 16 Parent and Child Process Tree Analysis with Splunk

    Lecture 17 Hunting Malicious Windows Process CommandLine

    Lecture 18 Fake Windows Processes Hunting

    Lecture 19 Process Injection Hunting

    Lecture 20 What is the LSASS Process

    Lecture 21 Remote Thread Creation into LSASS

    Lecture 22 Access LSASS Memory for Dump Creation

    Lecture 23 Credential Dumping through LSASS Access

    Lecture 24 What is Mimikatz

    Lecture 25 Hunting Mimikatz Using Sysmon and Splunk

    Lecture 26 Windows Mimikatz Binary Execution Hunting with Splunk

    Lecture 27 Hunting Mimikatz with Powershell and Splunk
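    The process-tree hunts in Section 5 (parent/child analysis, fake Windows processes) and the svchost spawn hunt in Section 11 rest on one idea: a few core Windows binaries have a fixed path and a fixed legitimate parent, so any deviation is worth a look. The following Python is an added example, not course material: it applies those baseline checks to constructed records shaped like Sysmon Event ID 1 (process creation) with the `Image`, `ParentImage` and `CommandLine` fields. The expected paths and parents are stock Windows 10/11 defaults and are an assumption to be re-baselined per environment.

```python
"""Parent/child and path checks for masquerading Windows processes over
Sysmon Event ID 1 (process creation) style records.
Added example, not course material; every event below is constructed."""
from dataclasses import dataclass
import ntpath


@dataclass(frozen=True)
class ProcessEvent:
    image: str          # Sysmon "Image": full path of the new process
    parent_image: str   # Sysmon "ParentImage": full path of the creator
    command_line: str   # Sysmon "CommandLine"


# Assumed baseline: where a handful of core binaries live and which parent
# may start them on a stock Windows 10/11 host. Extend after baselining.
EXPECTED = {
    "svchost.exe":  (r"c:\windows\system32\svchost.exe",  {"services.exe"}),
    "lsass.exe":    (r"c:\windows\system32\lsass.exe",    {"wininit.exe"}),
    "services.exe": (r"c:\windows\system32\services.exe", {"wininit.exe"}),
}


def _name(path: str) -> str:
    # NTFS paths are case-insensitive; normalise before matching.
    return ntpath.basename(path).lower()


def hunt(events):
    """Return (event, reason) pairs for every baseline violation found."""
    findings = []
    for ev in events:
        name = _name(ev.image)
        if name not in EXPECTED:
            continue
        expected_path, expected_parents = EXPECTED[name]
        if ev.image.lower() != expected_path:
            findings.append((ev, "unexpected_path"))       # fake binary dropped elsewhere
        if _name(ev.parent_image) not in expected_parents:
            findings.append((ev, "unexpected_parent"))     # spawned from a shell, Office, etc.
        # Genuine svchost.exe is always launched with a service group: "-k <group>".
        if name == "svchost.exe" and " -k " not in f" {ev.command_line.lower()} ":
            findings.append((ev, "svchost_without_-k"))
    return findings


# Constructed sample: one benign svchost start, then three suspicious ones.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\svchost.exe",
                 r"C:\Windows\System32\services.exe",
                 r"C:\Windows\System32\svchost.exe -k netsvcs -p -s Schedule"),
    ProcessEvent(r"C:\Users\Public\svchost.exe",            # wrong path, wrong parent, no -k
                 r"C:\Windows\explorer.exe",
                 r"C:\Users\Public\svchost.exe"),
    ProcessEvent(r"C:\Windows\System32\svchost.exe",        # real binary, spawned by cmd.exe
                 r"C:\Windows\System32\cmd.exe",
                 r"svchost.exe -k netsvcs"),
    ProcessEvent(r"C:\Windows\Temp\lsass.exe",              # fake lsass dropped by PowerShell
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Windows\Temp\lsass.exe"),
]


if __name__ == "__main__":
    for ev, reason in hunt(SAMPLE_EVENTS):
        print(f"{reason:22} {ev.parent_image} -> {ev.image}")
```

    The same hunt in SPL is the inverse of the baseline, for example `index=sysmon EventCode=1 Image="*\\svchost.exe" NOT ParentImage="*\\services.exe"`, with a second search for `Image="*\\svchost.exe" NOT CommandLine="* -k *"`; expect to add environment-specific exceptions (for example Defender or other security agents that legitimately start service hosts) before turning either into an alert.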

    Section 6: Active Directory Domain Controller Attack Detection with Splunk

    Lecture 28 What is the Kerberos Protocol

    Lecture 29 Kerberoasting Attack Hunting - Part 01

    Lecture 30 Kerberoasting Attack Hunting - Part 02

    Lecture 31 DCSync Attack Detection

    Lecture 32 Overpass-the-Hash Attack Detection

    Lecture 33 Pass-the-Ticket Attack Detection

    Lecture 34 What is the NTLM Protocol

    Lecture 35 Pass-the-Hash Attack Detection

    Section 7: Anomaly Activity Hunting with Data Science and Splunk

    Lecture 36 Data Science and Splunk

    Lecture 37 Standard Deviation

    Lecture 38 Normal Distribution or Gaussian Distribution

    Lecture 39 Empirical or 68–95–99.7 rule

    Lecture 40 ICMP Tunnel Outlier Detection

    Lecture 41 Windows Process CommandLine Outlier Detection

    Lecture 42 SMB Traffic Anomaly Detection

    Lecture 43 What is Splunk Machine Learning Toolkit

    Lecture 44 DNS Outlier Detection with Splunk MLTK
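    Lectures 37 to 42 build one technique: take a numeric feature of the event (ICMP payload size, command-line length, SMB bytes), compute its mean and standard deviation per group, and treat anything more than three standard deviations from the mean as an outlier, since under the 68-95-99.7 rule a normally distributed feature stays within three sigma 99.7% of the time. The Python below is an added example, not course material: it implements that grouped z-score hunt over constructed ICMP flow records (`src`, `dst`, `bytes` are assumed field names) and handles the two cases that break a naive version, a group too small to have a standard deviation and a group with zero spread.

```python
"""Three-sigma (68-95-99.7 rule) outlier detection grouped by a key, the
shape of a Splunk `eventstats avg() stdev() by <key>` hunt.
Added example, not course material; the ICMP records are constructed."""
import statistics
from collections import defaultdict


def zscore_outliers(records, key, value, threshold=3.0):
    """Return copies of the records whose `value` lies more than `threshold`
    standard deviations from the mean of their `key` group, with the z-score
    attached. Groups with fewer than two records or with zero spread yield
    nothing: without spread there is no baseline to deviate from."""
    groups = defaultdict(list)
    for r in records:
        groups[r[key]].append(r)

    outliers = []
    for members in groups.values():
        if len(members) < 2:            # stdev undefined for a single record
            continue
        xs = [m[value] for m in members]
        mean = statistics.mean(xs)
        sd = statistics.stdev(xs)       # sample stdev, as Splunk's stdev()
        if sd == 0:                     # every value identical: nothing to score
            continue
        for m in members:
            z = (m[value] - mean) / sd
            if abs(z) > threshold:
                outliers.append({**m, "z": round(z, 2)})
    return outliers


# Constructed ICMP flows (assumed field names). Host 10.0.0.5 sends a
# baseline of 56-byte echo requests plus one 1400-byte datagram, the kind
# of oversized ICMP payload a tunnel produces. Host 10.0.0.7 is perfectly
# regular and host 10.0.0.9 has a single record; neither should fire.
ICMP_FLOWS = (
    [{"src": "10.0.0.5", "dst": "8.8.8.8", "bytes": 56} for _ in range(20)]
    + [{"src": "10.0.0.5", "dst": "203.0.113.9", "bytes": 1400}]
    + [{"src": "10.0.0.7", "dst": "10.0.0.1", "bytes": 32} for _ in range(15)]
    + [{"src": "10.0.0.9", "dst": "10.0.0.1", "bytes": 900}]
)


if __name__ == "__main__":
    for hit in zscore_outliers(ICMP_FLOWS, key="src", value="bytes"):
        print(f'{hit["src"]} -> {hit["dst"]} {hit["bytes"]} bytes  z={hit["z"]}')
```

    In SPL the same hunt reads `| eventstats avg(bytes) as avg stdev(bytes) as sd by src | eval z=(bytes-avg)/sd | where abs(z)>3`. Two caveats carry over from the Python: a group whose baseline is almost constant turns any small change into a large z-score, so review the absolute deviation as well as z, and a host that has always tunnelled will have the tunnel in its own baseline, which is why these hunts are usually run against a clean historical window rather than the window under investigation.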

    Section 8: Splunk Integration for Cyber Threat Intelligence

    Lecture 45 Malware Detection with Cyber Threat Intelligence

    Lecture 46 Malware Info Enrichment

    Lecture 47 MISP integration with Splunk - Part 01

    Lecture 48 MISP integration with Splunk - Part 02

    Lecture 49 AlienVault OTX Integration with Splunk

    Lecture 50 VirusTotal Integration with Splunk

    Section 9: Threat Hunting with ChatGPT and Splunk

    Lecture 51 What is ChatGPT

    Lecture 52 ChatGPT Integration with Splunk

    Lecture 53 Threat Hunting with ChatGPT and Splunk

    Section 10: Malicious Activity Hunting with Splunk and RITA

    Lecture 54 What is Real Intelligence Threat Analytics (RITA)

    Lecture 55 RITA Installation and Configuration

    Lecture 56 Splunk Integration with RITA

    Lecture 57 Beaconing Detection with RITA and Splunk

    Lecture 58 DNS Tunneling Detection with RITA and Splunk

    Section 11: Lateral Movement Detection with Splunk

    Lecture 59 PsExec Attack Detection with Splunk

    Lecture 60 PowerShell-Spawned Process Lateral Movement Detection with Splunk

    Lecture 61 WMI Lateral Movement Detection with Splunk

    Lecture 62 WinRM-WinRS Attack Detection with Splunk

    Lecture 63 Svchost LOLBAS Execution Process Spawn Hunting with Splunk

    Section 12: Persistence Hunting with Splunk

    Lecture 64 Image File Execution Options Injection with Splunk

    Lecture 65 Scheduled Task with Rundll32 Command Trigger Hunting with Splunk

    Lecture 66 sc.exe Manipulating Windows Services Hunting with Splunk

    Lecture 67 Time Provider Persistence Registry Hunting with Splunk

    Lecture 68 ETW Registry Disabled Hunting with Splunk

    Who this course is for: Security Operations Center (SOC) analysts, cybersecurity threat hunters, Splunk engineers, threat intelligence analysts, and DFIR practitioners.