Soc Cybersecurity Threat Hunting With Splunk
Published 4/2024
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English
| Size: 5.40 GB
| Duration: 2h 34m
Threat Hunting with Splunk SIEM for Cybersecurity Analysis and SOC Analysts
What you'll learn
Threat Hunting with Splunk Knowledge
APT Analysis
Integrating Different Software with Splunk
Find 0-Day Cyber Threats with Data Science and Splunk
Requirements
Basic Knowledge of Network and Cybersecurity
Basic Knowledge of Splunk Search Processing Language (SPL)
Description
The SOC Cybersecurity Threat Hunting with Splunk training course has been developed and edited by Mohammad Mirasadollahi in an online format, consisting of 68 instructional videos on Splunk, along with practical course files. The course covers Threat hunting with Splunk from beginner to advanced levels, based on the latest Cybersecurity standard educational topics in the world. It has been published as a practical course on Udemy under the title "SOC Cybersecurity Threat Hunting with Splunk."With SOC Cybersecurity Threat Hunting with Splunk course, you will be able to easily identify cyber-attacks using Splunk in any SOC. Learning Threat Hunting with Splunk in SOC is one of the most important skills required by organizations in the field of information security.The complexity of Cybersecurity attacks in recent years has rendered traditional methods ineffective in detecting advanced Cybersecurity attacks and APT groups. As a result, relying solely on traditional approaches such as firewalls, antivirus software, and EDR is no longer sufficient, and we need cybersecurity experts in the field of threat detection and identification.Currently, cybersecurity analysts in Security Operations Centers (SOCs) can detect various attacks by analyzing and dissecting events received from different infrastructure and software, relying on their knowledge and various tools.Cybersecurity experts and analysts require technology for continuous log analysis, which involves aggregating logs in a central system called SIEM (Security Information and Event Management). With the capabilities provided by SIEM, they can detect cyber threats.SIEMs are referred to as the beating heart of every SOC. Currently, one of the most powerful SIEMs available worldwide, with many followers, is Splunk software.Splunk is a software used for data storage, search, investigation, and analysis. Cybersecurity experts can use Splunk Enterprise to examine and analyze data, identify patterns, and establish logical connections between data to detect complex Cybersecurity attacks.Therefore, many organizations are striving to migrate from traditional methods to modern ones for better Cybersecurity attack detection. Due to the importance of cybersecurity experts in data analysis, log and event analysis, and the popularity of Splunk SIEM software, the SOC Cybersecurity Threat Hunting with Splunk training course will cover the techniques of threat hunting, investigation, analysis, and detection of Cybersecurity attacks using Splunk.
Overview
Section 1: Introduction - Welcome
Lecture 1 Introduction - Welcome
Section 2: Threat Hunting Lab Setup with Splunk
Lecture 2 Splunk installation from scratch
Lecture 3 Splunk bulk Apps and Addons Installation
Lecture 4 Splunk Boss of The SOC (BOTS) Installation
Lecture 5 Import Lab Attacks Data to Splunk
Section 3: Base Knowledge for Splunk and Threat Hunting
Lecture 6 What is Splunk
Lecture 7 What is Indicator of Compromise (IoC)
Lecture 8 Cyber Kill Chain and MITRE ATT&CK
Section 4: Basic Attacks Hunting with Splunk
Lecture 9 Large Web Upload Hunting
Lecture 10 Hunting with Top and Rare Commands
Lecture 11 Network Connections Hunting with Splunk
Lecture 12 Basic Scanning Detection with Splunk
Lecture 13 Brute Force Attack Detection with Splunk
Section 5: Windows Attacks Detection with Splunk
Lecture 14 Windows Process Analysis
Lecture 15 Basic Malicious Process Hunting with Splunk
Lecture 16 Parent and Child Process Tree analysis with Splunk
Lecture 17 Hunting Malicious Windows Process CommandLine
Lecture 18 Fake Windows Processes Hunting
Lecture 19 Process Injection Hunting
Lecture 20 What is LSASS Process
Lecture 21 Create Remote Thread Into LSASS
Lecture 22 Access LSASS Memory for Dump Creation
Lecture 23 Credential Dumping through LSASS Access
Lecture 24 What is Mimikatz
Lecture 25 Hunting Mimikatz Using Sysmon and Splunk
Lecture 26 Windows Mimikatz Binary Execution Hunting with Splunk
Lecture 27 Hunting Mimikatz with Powershell and Splunk
Section 6: Active Directory Domain Controller Attack Detection with Splunk
Lecture 28 What is Kerberos Protocol
Lecture 29 Kerberoasting Attack Hunting - Part 01
Lecture 30 Kerberoasting Attack Hunting - Part 02
Lecture 31 DCSync Attack Detection
Lecture 32 Overpass-the-Hash Attack Detection
Lecture 33 Pass-the-Ticket Attack Detection
Lecture 34 What is NTLM Protocol
Lecture 35 Pass-the-Hash Attack Detection
Section 7: Anomaly Activity Hunting with Data Science and Splunk
Lecture 36 Data Science and Splunk
Lecture 37 Standard Deviation
Lecture 38 Normal Distribution or Gaussian Distribution
Lecture 39 Empirical or 68-95-99.7 rule
Lecture 40 ICMP Tunnel Outlier Detection
Lecture 41 Windows Process CommandLine outlier Detection
Lecture 42 SMB Traffic Anomaly Detection
Lecture 43 What is Splunk Machine Learning Toolkit
Lecture 44 DNS Outlier Detection with Splunk MLTK
Section 8: Splunk Integration for Cyber Threat Intelligence
Lecture 45 Malware Detection with Cyber Threat Intelligence
Lecture 46 Malware Info Enrichment
Lecture 47 MISP integration with Splunk - Part 01
Lecture 48 MISP integration with Splunk - Part 02
Lecture 49 AlienVault OTX Integration with Splunk
Lecture 50 VirusTotal Integration with Splunk
Section 9: Threat Hunting with ChatGPT and Splunk
Lecture 51 What is ChatGPT
Lecture 52 ChatGPT Integration with Splunk
Lecture 53 Threat Hunting with ChatGPT and Splunk
Section 10: Malicious Activity Hunting with Splunk and RITA
Lecture 54 What is Real Intelligence Threat Analytics (RITA)
Lecture 55 RITA Installation and Configuration
Lecture 56 Splunk Integration with RITA
Lecture 57 Beaconing Detection with RITA and Splunk
Lecture 58 DNS Tunneling Detection with RITA and Splunk
Section 11: Lateral Movement Detection with Splunk
Lecture 59 PsExec Attack Detection with Splunk
Lecture 60 PowerShell spawned Process Lateral movement Detection with Splunk
Lecture 61 WMI Lateral Movement Detection with Splunk
Lecture 62 WinRM-WinRS Attack Detection with Splunk
Lecture 63 Svchost Lolbas Execution Process Spawn with Splunk
Section 12: Persistence Hunting with Splunk
Lecture 64 Image File Execution Options Injection with Splunk
Lecture 65 Schedule Task with Rundll32 Command Trigger Hunting with Splunk
Lecture 66 Sc Exe Manipulating Windows Services Hunting with Splunk
Lecture 67 Time Provider Persistence Registry Hunting with Splunk
Lecture 68 ETW Registry Disabled Hunting with Splunk
Security Operations Center (SOC) analysts,Cybersecurity Threat Hunters,Splunk Engineers,Threat Intelligence Analysts,DFIRs
Free search engine download: SOC Cybersecurity Threat Hunting with Splunk
