Incident Handling with Splunk

Learn to use Splunk for incident handling through interactive scenarios.

Incident Handling Life Cycle

Preparation

Preparation describes the readiness of an organization against an attack by documenting requirements, defining policies, incorporating security controls, and hiring and training staff.

Detection and Analysis

Detection and analysis covers everything involved in detecting an incident and analysing it, including investigating alerts raised by security controls and threat hunting.

Containment, Eradication, and Recovery

The actions needed to stop an incident from spreading and to secure the affected network(s): isolating infected host(s), clearing traces of the infection, and regaining control of compromised systems.

Post-Incident Activity/Lessons Learned

Identifying the gaps in the organization's security posture that allowed the incident to happen so they can be closed: pinpointing weaknesses, adding detection rules, and training staff.
