
Incident Handling with Splunk

Learn to use Splunk for incident handling through interactive scenarios.

Incident Handling Life Cycle

Preparation

Preparation describes the readiness of an organization against an attack by documenting requirements, defining policies, incorporating security controls, and hiring and training staff.

Detection and Analysis

Detection encompasses everything involved in detecting an incident and analysing it. This includes investigating alerts raised by security controls and threat hunting.

Containment, Eradication, and Recovery

The actions taken to stop an incident from spreading and to secure the affected network(s): isolating infected host(s), clearing the traces of the infection, and regaining control of the environment.

Post-Incident Activity/Lessons Learned

Identifying the gaps in the organization's security posture that allowed the incident to happen, so they can be fixed: pinpointing weaknesses, adding detection rules, and training staff.


Last updated 2 years ago