If you enjoy my TryHackMe videos and are interested in signing up for a subscription, use my affiliate link, I highly appreciate it!
https://tryhackme.com/signup?referrer=603aa8c1190a0a7c5296510f
Today we're coming back to try to solve some cloud cyber mysteries using one of the most widely used cybersecurity tools (especially for those working in SOCs as cyber analysts). Splunk is widely deployed as a Security Information and Event Management (SIEM) tool: it provides a central location to collect log data from multiple sources in your environment, aggregates and normalizes that data, and lets an analyst query it. Splunk is not just for cyber folks; it's also used for data analysis, DevOps, etc.
In this video, we walk through part of the TryHackMe Splunk 3 lab. This lab uses data generated by members of Splunk's Security Specialist team for their Boss of the SOC version 3 (BOTSv3) data set in 2020. This particular data set features data from AWS and Azure environments! We'll be looking at AWS CloudTrail logs, API authentication (including calls made without MFA), and S3 misconfigurations.
In this video we're covering the Series 200 questions, specifically related to Task 3, focusing on AWS.
To see previous Splunk walkthroughs:
https://www.youtube.com/playlist?list=PLw78nfbi6DWicitiVxtPdaMDfnawOWQe0
TryHackMe Splunk Room 3
https://tryhackme.com/room/splunk3zs
00:00 - TryHackMe Splunk 3
04:42 - Splunk 3 Task 3 Q1 - How to see AWS IAM Users in Splunk?
10:21 - Splunk 3 Task 3 Q2 - How to see AWS non-MFA API activity in Splunk?
13:33 - Splunk 3 Task 3 Q3 - How to find server CPU info in Splunk?
15:41 - Splunk 3 Task 3 Q4/5 - How to find AWS S3 policy changes in Splunk?
22:42 - Splunk 3 Task 3 Q6 - How to monitor AWS S3 buckets in Splunk?
25:40 - Splunk 3 Task 3 Q7 - How to see files uploaded to AWS S3 in Splunk?
28:03 - Splunk 3 Task 3 Q8 - How to find host FQDN in Splunk?
Music provided by: https://mccoybeats.com/
#splunk #tryhackme #cyber
**Below you'll find what are known as affiliate links. These are links to things that I actually use and recommend. If you buy them, I will receive a super small kickback that helps support this channel and the giveaways I do on social media. Thanks!!**
(YouTube Gear, IT Devices, Books, Pre-workout I use...STUFF I 100% RECOMMEND)
Here is the Azure Networking fundamentals book I used to help pass the AZ-700 (Affiliate Link): https://amzn.to/3lPb4na
Here is the CompTIA PenTest+ training book bundle I used to pass the new PenTest+ (Affiliate Link): https://amzn.to/3A9X8Hx
Network+ Study Guide that I co-authored: https://amzn.to/2vTODU2
ECAMM Live Recording Software : https://www.ecamm.com/mac/ecammlive/?fp_ref=john57
Amazon Affiliate Store: https://www.amazon.com/shop/jbizzle703
----------------------------------------------------------------------------------------------------------------------------------------
Subscribe to our monthly newsletter and blog notifications
https://mailchi.mp/e7b56addb7fc/cybersightblog
C-----Y-----B-----E-----R-----I-----N-----S-----I-----G-----H-----T
J.B.C.'s Site: https://www.jbcsec.com/insights
Swag Store: https://www.teepublic.com/user/jbc
Twitter: http://www.twitter.com/JBC_SEC
Author: https://twitter.com/JBizzle703
----------------------------------------------------------------------------------------------------------------------------------------