SOC Cybersecurity Threat Hunting with Splunk

Focused View

Mohammad Mirasadollahi

2:33:52

84 View

1. Introduction - Welcome

1. Introduction - Welcome.mp4

03:47

2. Threat Hunting Lab Setup with Splunk

1.1 01- Splunk Installation.txt

1. Splunk installation from scratch.mp4

03:28

2.1 Apps and Addons.rar

2. Splunk bulk Apps and Addons Installation.mp4

01:58

3.1 botsv1-attack-only.zip

3.2 botsv2 data set attack only.7z.zip

3.3 botsv2 data set attack only.7z.zip

3.4 botsv2 data set attack only.7z.zip

3.5 botsv2 data set attack only.7z.zip

3.6 botsv3 data set.zip

3. Splunk Boss of The SOC (BOTS) Installation.mp4

03:25

4.1 Commands and Subtitles.7z

4.2 Logs.rar

4. Import Lab Attacks Data to Splunk.mp4

02:49

3. Base Knowledge for Splunk and Threat Hunting

1. What is Splunk.mp4

01:04

2. What is Indicator of Compromise (IoC).mp4

07:43

3. Cyber Kill Chain and MITRE ATT&CK.mp4

08:11

4. Basic Attacks Hunting with Splunk

1.1 01- Large Web Upload Hunting.txt

1. Large Web Upload Hunting.mp4

00:42

2.1 02- Hunting with Top and Rare Commands.txt

2. Hunting with Top and Rare Commands.mp4

01:49

3.1 03- Network Connection Hunting.txt

3. Network Connections Hunting with Splunk.mp4

01:25

4.1 04- Basic Scanning Detection.txt

4. Basic Scanning Detection with Splunk.mp4

01:32

5.1 05- Brute Force Attack Detection.txt

5. Brute Force Attack Detection with Splunk.mp4

01:37

5. Windows Attacks Detection with Splunk

1. Windows Process Analysis.mp4

01:19

2.1 02- Basic Malicious Process Hunting with Splunk.txt

2. Basic Malicious Process Hunting with Splunk.mp4

02:53

3.1 03- Parent and Child Process Tree.txt

3. Parent and Child Process Tree analysis with Splunk.mp4

03:32

4.1 04- Hunting Malicious Windows Process CommandLine.txt

4. Hunting Malicious Windows Process CommandLine.mp4

01:51

5.1 05- Fake Windows Processes Hunting.txt

5. Fake Windows Processes Hunting.mp4

02:48

6.1 06- Process Injection Hunting.txt

6. Process Injection Hunting.mp4

00:58

7. What is LSASS Process.mp4

00:29

8.1 08- Create Remote Thread Into LSASS.txt

8. Create Remote Thread Into LSASS.mp4

03:46

9.1 09- Access LSASS Memory for Dump Creation.txt

9. Access LSASS Memory for Dump Creation.mp4

02:46

10.1 10- Credential Dumping through LSASS Access.txt

10. Credential Dumping through LSASS Access.mp4

03:20

11. What is Mimikatz.mp4

00:24

12.1 12- Hunting Mimikatz Using Sysmon and Splunk.txt

12. Hunting Mimikatz Using Sysmon and Splunk.mp4

01:23

13.1 13- Windows Mimikatz Binary Execution.txt

13. Windows Mimikatz Binary Execution Hunting with Splunk.mp4

02:11

14.1 14- Hunting Mimikatz with Powershell and Splunk.txt

14. Hunting Mimikatz with Powershell and Splunk.mp4

01:30

6. Active Directory Domain Controller Attack Detection with Splunk

1. What is Kerberos Protocol.mp4

02:02

2. Kerberoasting Attack Hunting - Part 01.mp4

00:55

3.1 03- Kerberoasting Attack Hunting (Part 02).txt

3. Kerberoasting Attack Hunting - Part 02.mp4

01:44

4.1 04- DCSync Attack Detection.txt

4. DCSync Attack Detection.mp4

01:00

5.1 05- Overpass-the-Hash Attack Detection.txt

5. Overpass-the-Hash Attack Detection.mp4

01:00

6.1 06- Pass-the-Ticket Attack Detection.txt

6. Pass-the-Ticket Attack Detection.mp4

01:27

7. What is NTLM Protocol.mp4

01:16

8.1 08- Pass-the-Hash Attack Detection.txt

8. Pass-the-Hash Attack Detection.mp4

01:45

7. Anomaly Activity Hunting with Data Science and Splunk

1. Data Science and Splunk.mp4

01:07

2. Standard Deviation.mp4

03:39

3. Normal Distribution or Gaussian Distribution.mp4

04:24

4. Empirical or 689599.7 rule.mp4

03:55

5.1 05- ICMP Tunnel Outlier Detection.txt

5. ICMP Tunnel Outlier Detection.mp4

03:31

6.1 06- Windows Process CommandLine outlier Detection.txt

6. Windows Process CommandLine outlier Detection.mp4

02:37

7.1 07- SMB Traffic Anomaly Detection.txt

7. SMB Traffic Anomaly Detection.mp4

01:51

8. What is Splunk Machine Learning Toolkit.mp4

01:07

9. DNS Outlier Detection with Splunk MLTK.mp4

02:43

8. Splunk Integration for Cyber Threat Intelligence

1.1 01- Malware Detection with Cyber Threat Intelligence.txt

1.2 Malicious-Domain.rar

1. Malware Detection with Cyber Threat Intelligence.mp4

02:55

2.1 02- Malware Info Enrichment.txt

2. Malware Info Enrichment.mp4

01:44

3.1 03- MISP integration with Splunk - Part 01.txt

3. MISP integration with Splunk - Part 01.mp4

03:22

4.1 04- MISP integration with Splunk - Part 02.txt

4. MISP integration with Splunk - Part 02.mp4

04:55

5.1 05- AlienVault OTX Integration with Splunk.txt

5. AlienVault OTX Integration with Splunk.mp4

01:31

6.1 06- VirusTotal Integration with Splunk.txt

6. VirusTotal Integration with Splunk.mp4

01:51

9. Threat Hunting with ChatGPT and Splunk

1. What is ChatGPT.mp4

00:55

2. ChatGPT Integration with Splunk.mp4

01:57

3.1 03- Threat Hunting with ChatGPT and Splunk.txt

3. Threat Hunting with ChatGPT and Splunk.mp4

02:56

10. Malicious Activity Hunting with Splunk and RITA

1. What is Real Intelligence Threat Analytics (RITA).mp4

00:48

2.1 02- RITA Installation and Configuration.txt

2. RITA Installation and Configuration.mp4

03:41

3.1 03- Splunk Integration with RITA.txt

3. Splunk Integration with RITA.mp4

03:04

4.1 04- Beaconing Detection with RITA and Splunk.txt

4. Beaconing Detection with RITA and Splunk.mp4

01:33

5. DNS Tunneling Detection with RITA and Splunk.mp4

01:01

11. Lateral Movement Detection with Splunk

1.1 01- PsExec Attack Detection.txt

1. PsExec Attack Detection with Splunk.mp4

01:49

2.1 02- PowerShell spawned Process Lateral movement Detection.txt

2. PowerShell spawned Process Lateral movement Detection with Splunk.mp4

01:23

3.1 03- WMI Lateral Movement Detection.txt

3. WMI Lateral Movement Detection with Splunk.mp4

02:01

4.1 04- WinRM-WinRS Attack Detection.txt

4. WinRM-WinRS Attack Detection with Splunk.mp4

01:37

5.1 05- Svchost Lolbas Execution Process Spawn.txt

5. Svchost Lolbas Execution Process Spawn with Splunk.mp4

01:26

12. Persistence Hunting with Splunk

1.1 01- Image File Execution Options Injection.txt

1. Image File Execution Options Injection with Splunk.mp4

01:21

2.1 02- Schedule Task with Rundll32 Command Trigger.txt

2. Schedule Task with Rundll32 Command Trigger Hunting with Splunk.mp4

01:18

3.1 03- Sc Exe Manipulating Windows Services.txt

3. Sc Exe Manipulating Windows Services Hunting with Splunk.mp4

01:01

4.1 04- Time Provider Persistence Registry.txt

4. Time Provider Persistence Registry Hunting with Splunk.mp4

02:45

5.1 05- ETW Registry Disabled Hunting.txt

5. ETW Registry Disabled Hunting with Splunk.mp4

02:15

Description

Threat Hunting with Splunk SIEM for Cybersecurity Analysis and SOC Analysts

What You'll Learn?

Threat Hunting with Splunk Knowledge
APT Analysis
Integrating Different Software with Splunk
Find 0-Day Cyber Threats with Data Science and Splunk

Who is this for?

Security Operations Center (SOC) analysts

Cybersecurity Threat Hunters

Splunk Engineers

Threat Intelligence Analysts

DFIRs

What You Need to Know?

Basic Knowledge of Network and Cybersecurity

Basic Knowledge of Splunk Search Processing Language (SPL)

Basic Knowledge of Splunk

More details

Description
The SOC Cybersecurity Threat Hunting with Splunk training course has been developed and edited by Mohammad Mirasadollahi in an online format, consisting of 68 instructional videos on Splunk, along with practical course files. The course covers Threat hunting with Splunk from beginner to advanced levels, based on the latest Cybersecurity standard educational topics in the world. It has been published as a practical course on Udemy under the title "SOC Cybersecurity Threat Hunting with Splunk."
With SOC Cybersecurity Threat Hunting with Splunk course, you will be able to easily identify cyber-attacks using Splunk in any SOC. Learning Threat Hunting with Splunk in SOC is one of the most important skills required by organizations in the field of information security.

The complexity of Cybersecurity attacks in recent years has rendered traditional methods ineffective in detecting advanced Cybersecurity attacks and APT groups. As a result, relying solely on traditional approaches such as firewalls, antivirus software, and EDR is no longer sufficient, and we need cybersecurity experts in the field of threat detection and identification.
Currently, cybersecurity analysts in Security Operations Centers (SOCs) can detect various attacks by analyzing and dissecting events received from different infrastructure and software, relying on their knowledge and various tools.
Cybersecurity experts and analysts require technology for continuous log analysis, which involves aggregating logs in a central system called SIEM (Security Information and Event Management). With the capabilities provided by SIEM, they can detect cyber threats.
SIEMs are referred to as the beating heart of every SOC. Currently, one of the most powerful SIEMs available worldwide, with many followers, is Splunk software.
Splunk is a software used for data storage, search, investigation, and analysis. Cybersecurity experts can use Splunk Enterprise to examine and analyze data, identify patterns, and establish logical connections between data to detect complex Cybersecurity attacks.
Therefore, many organizations are striving to migrate from traditional methods to modern ones for better Cybersecurity attack detection. Due to the importance of cybersecurity experts in data analysis, log and event analysis, and the popularity of Splunk SIEM software, the SOC Cybersecurity Threat Hunting with Splunk training course will cover the techniques of threat hunting, investigation, analysis, and detection of Cybersecurity attacks using Splunk.
Who this course is for:
Security Operations Center (SOC) analysts
Cybersecurity Threat Hunters
Splunk Engineers
Threat Intelligence Analysts
DFIRs

User Reviews

Rating

average 0

Total votes0

Focused display

Cyber Security

Mohammad Mirasadollahi

Instructor's Courses

I am a cybersecurity professional with over ten years of experience in the Cybersecurity field. From a young age, I had a keen interest in computers and networks, which led me to pursue a career in cybersecurity. Through a combination of education and hands-on experience, I have excelled in my profession, achieving significant milestones along the way. Starting as a junior analyst, I quickly advanced by demonstrating exceptional analytical skills and a deep understanding of cyber risks. Over the years, I have taken on leadership roles, leading teams, conducting security audits, and developing robust defense strategies.Continuous learning is a key aspect of my approach. I actively stay updated with the latest industry trends by attending conferences, workshops, and acquiring additional certifications. This commitment ensures that my knowledge and expertise are always at the forefront of cybersecurity practices.One of my strengths lies in my ability to effectively communicate complex concepts in a clear and concise manner. I can bridge the gap between technical and non-technical audiences, making me a trusted advisor in the field. My aim is to make cybersecurity accessible and understandable to everyone.Outside of work, I am dedicated to giving back to the community. I volunteer my time to educate others about cybersecurity best practices and raise awareness about digital safety. Empowering individuals to protect themselves and their digital identities is a core belief of mine in our interconnected world.With my extensive experience, problem-solving skills, and adaptability to emerging threats, I am an invaluable asset to any organization. My passion for cybersecurity, continuous learning, and commitment to excellence make me an ideal candidate for roles that require technical expertise, leadership abilities, and a genuine drive to protect digital assets.For any question, please reach out to: [email protected]

Udemy

View courses Udemy

Students take courses primarily to improve job-related skills.Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.