TechDefence Labs

Splunk Onboarding and Attack Detection

Splunk Setup

Attacking

PHASE 3

Splunk SIEM

What is SIEM?

SIEM stands for Security Information and Event Management. A SIEM collects and correlates security-relevant data from many sources (system and application logs, network devices, endpoint agents and other security products), normalizes it into one central, searchable store, and raises alerts on patterns that indicate an attack, giving a single view of an organization's security posture.

What is Splunk?

Splunk is a software platform for searching, monitoring and analyzing large volumes of machine data in near real time. It is widely used for IT operations, security monitoring (as a SIEM) and business analytics: data is sent to it by forwarders, indexed, and queried with its Search Processing Language (SPL).

Splunk

Features of Splunk

1. Search and Analysis

2. Real-time Visibility

3. Machine Learning

4. Security and Compliance

5. Data Ingestion

6. Scalability and Performance

7. Operational Intelligence

Splunk Log Collector

Splunk Onboarding

Splunk Setup

Splunk onboarding is the process of configuring data inputs so that Splunk Enterprise collects, parses and indexes machine-generated data (logs, metrics and events) from the hosts and devices you want to monitor. For a SIEM deployment this means choosing the security-relevant sources (authentication logs, endpoint process and network telemetry, firewall and proxy logs), installing a forwarder where needed, and assigning each source a sourcetype and an index so the data can be searched, correlated and alerted on.

Splunk SIEM Onboard

Splunk Setup

*Dashboard*

*Installation*

Splunk Forwarder

*Configure it with the indexer's host IP*

*Select the types of logs we want forwarded*

Finally, logs forwarded

Splunk Log Collector

*Logs are arriving and being indexed properly*
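As an added example (not taken from the original presentation), these are the two universal forwarder configuration files that implement the steps above: outputs.conf points the forwarder at the indexer (the "host IP" slide) and inputs.conf chooses which logs to forward (the "types of logs we want" slide). The indexer address 10.0.0.5, the receiving port 9997 (Splunk's conventional default) and the index names are assumed lab values; the Linux stanza at the end shows the equivalent input on a Linux host and would not sit in the same file as the Windows stanzas.

```ini
# $SPLUNK_HOME/etc/system/local/outputs.conf on the forwarder
# (assumed lab values: indexer 10.0.0.5 receiving on TCP 9997)
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = 10.0.0.5:9997

# $SPLUNK_HOME/etc/system/local/inputs.conf on a Windows host:
# the Security log plus Sysmon, which gives process-creation and
# network-connection events (the telemetry a reverse shell leaves behind)
[WinEventLog://Security]
disabled = 0
index = wineventlog

[WinEventLog://Microsoft-Windows-Sysmon/Operational]
disabled = 0
index = sysmon
renderXml = true

# Linux equivalent (separate host): monitor the auth log with a known sourcetype
[monitor:///var/log/auth.log]
sourcetype = linux_secure
index = linux
```

Two checks before trusting the "logs are up" screenshot: the indexer must be receiving on 9997 (Settings > Forwarding and receiving, or a `[splunktcp://9997]` stanza in its own inputs.conf), and every index named above must already exist on the indexer, because events sent to a nonexistent index are dropped rather than queued. After restarting the forwarder, `index=sysmon earliest=-15m | stats count by host` should list the onboarded host.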

Reverse Shell through Msfvenom

Reverse Shell

Msfvenom is the payload generator of the Metasploit Framework: a command-line tool that builds standalone payloads (for example a reverse shell that connects back to an attacker-controlled listener) for many architectures, operating systems and output formats, which are then used to gain unauthorized access to a vulnerable system. It can also run a payload through encoders; these exist mainly to avoid bad characters in an exploit buffer, and on their own they rarely get past current antivirus or EDR products. For detection, the key property of a reverse shell is that the victim initiates the outbound connection to the attacker, which is exactly the process and network telemetry a SIEM can correlate.
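Detecting the reverse shell described above, as an added example that is not part of the original presentation: the same correlation the forwarded Sysmon data lets you express in Splunk, here run in Python over a handful of constructed Sysmon-style events (Event ID 1 process creation and Event ID 3 network connection, using Sysmon's own field names). The process GUIDs, image paths, the listener address 203.0.113.10:4444, the index name in the SPL sketch and the internal address ranges are all assumptions chosen for a lab.

```python
"""Reverse-shell detection over Sysmon-style events.

Added example, not code from the original presentation. The events below are
constructed by hand (not real telemetry) but use Sysmon's field names for
Event ID 1 (process creation) and Event ID 3 (network connection). Process
GUIDs, image paths, the listener 203.0.113.10:4444 and the internal address
ranges are assumptions.

Rough Splunk equivalent of the same logic (index name "sysmon" is assumed):
  index=sysmon EventCode=3
  | where NOT cidrmatch("10.0.0.0/8", DestinationIp)
      AND NOT cidrmatch("172.16.0.0/12", DestinationIp)
      AND NOT cidrmatch("192.168.0.0/16", DestinationIp)
  | join ProcessGuid [search index=sysmon EventCode=1 Image="*\\AppData\\Local\\Temp\\*"]
"""
import ipaddress
import ntpath
from collections import defaultdict

# Ranges treated as "inside the network" (assumption: adjust to the org's address plan).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Directories a dropped payload typically runs from (lower-cased path fragments).
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")
# Interactive shells a reverse-shell stager hands to the attacker.
SHELL_IMAGES = {"cmd.exe", "powershell.exe"}

# Constructed sample telemetry: {A} is the msfvenom payload, {B} its cmd.exe child,
# {C} a browser making a normal HTTPS connection, {D}/{E} an installer running a helper.
SAMPLE_EVENTS = [
    {"EventCode": 1, "ProcessGuid": "{A}", "ParentProcessGuid": "{EXPLORER}",
     "Image": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
    {"EventCode": 3, "ProcessGuid": "{A}", "DestinationIp": "203.0.113.10", "DestinationPort": 4444},
    {"EventCode": 1, "ProcessGuid": "{B}", "ParentProcessGuid": "{A}",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"EventCode": 1, "ProcessGuid": "{C}", "ParentProcessGuid": "{EXPLORER}",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"EventCode": 3, "ProcessGuid": "{C}", "DestinationIp": "203.0.113.50", "DestinationPort": 443},
    {"EventCode": 1, "ProcessGuid": "{D}", "ParentProcessGuid": "{EXPLORER}",
     "Image": r"C:\Users\alice\Downloads\setup.exe"},
    {"EventCode": 1, "ProcessGuid": "{E}", "ParentProcessGuid": "{D}",
     "Image": r"C:\Windows\System32\cmd.exe"},
]


def is_external(ip):
    """True when ip falls outside every INTERNAL_NETS range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def in_user_writable_dir(image):
    """True when the image path contains one of the user-writable directory fragments."""
    return any(d in image.lower() for d in USER_WRITABLE_DIRS)


def detect_reverse_shell(events):
    """Correlate Event 1 and Event 3 by ProcessGuid and return suspicious processes.

    A process is reported when it connected to an external address AND either
    (a) its image lives in a user-writable directory or (b) it spawned cmd.exe /
    powershell.exe. The outbound connection is mandatory: without it, a Downloads
    installer that runs a cmd.exe helper ({D} above) would be a false positive.
    """
    procs = defaultdict(lambda: {"image": None, "external": [], "child_shells": []})
    # Pass 1: register every process so parents are known regardless of event order.
    for ev in events:
        if ev["EventCode"] == 1:
            procs[ev["ProcessGuid"]]["image"] = ev["Image"]
    # Pass 2: attach external connections and child shells to the owning process.
    for ev in events:
        if ev["EventCode"] == 3 and is_external(ev["DestinationIp"]):
            procs[ev["ProcessGuid"]]["external"].append(
                f'{ev["DestinationIp"]}:{ev["DestinationPort"]}')
        elif ev["EventCode"] == 1 and ntpath.basename(ev["Image"]).lower() in SHELL_IMAGES:
            parent = ev["ParentProcessGuid"]
            if parent in procs:  # membership test does not insert into the defaultdict
                procs[parent]["child_shells"].append(ev["Image"])
    findings = []
    for guid, p in procs.items():
        if p["image"] is None or not p["external"]:
            continue
        signals = []
        if in_user_writable_dir(p["image"]):
            signals.append("image_in_user_writable_dir")
        if p["child_shells"]:
            signals.append("spawned_shell")
        if signals:
            findings.append({"process_guid": guid, "image": p["image"],
                             "destinations": p["external"], "signals": signals})
    return findings


if __name__ == "__main__":
    for finding in detect_reverse_shell(SAMPLE_EVENTS):
        print(finding)
```

Running the block reports only `{A}`: the browser's HTTPS connection carries no second signal, and the installer's cmd.exe child never talks to the outside. The internal ranges are checked explicitly rather than with Python's `is_private`, because that property also covers documentation and other special-purpose ranges, which would hide the TEST-NET listener address used in the sample.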
