Collecting and analysing logs with Splunk
Optimising the use of machine and log data
The target audience for training
- Systems and network administrators
Training programme
- Duration: 2 days
Module 1: Installing Splunk; retrieving/injecting data
- Big Data concepts
- Installing Splunk on Windows
- Indexing files and directories via the web interface
- Deploying the Universal Forwarder
- Index management
- Data retention period
- Practical work: installing and configuring Splunk; using Universal Forwarder to retrieve Apache/Linux and Active Directory/Windows logs
Module 2: Data mining
- Queries using Search Processing Language, or SPL, a language developed by Splunk
- Boolean operators, commands
- Search using time ranges
- Practical exercises: defining field extractions, event types and tags; processing CSV files; extracting statistics from firewall log files
Module 3: Dashboards (Basic)
- Dashboards and operational intelligence, bringing out the data
- Types of graphs
- Practical work: creating and enhancing a dashboard with graphs linked to the research carried out
Module 4: Dashboards (Advanced)
- Advanced SPL: lookup commands
- Produce regular (scheduled) dashboards in PDF format
- Practical exercises: creating and enhancing a dashboard with graphs linked to the searches carried out; building several dashboards from the analysis of Windows events, with attack scenarios in mind
Module 5: Application installation
- Install an existing Splunk or third-party application
- Adding dashboards and searches to an application
- Practical work: creating a new Splunk application; installing an application and viewing network traffic statistics
Module 6: Data models
- Data models
- Taking advantage of regular expressions
- Optimising search performance
- Rotate data
- Practical work: using the pivot command and templates to display data
Module 7: Data enrichment
- Grouping related events (the notion of a transaction)
- Combining several data sources
- Identifying relationships between fields
- Predicting future values
- Uncovering abnormal values
- Practical work: carrying out in-depth searches on databases
Module 8: Alerts
- Monitored conditions
- Triggering action following a confirmed alert
- Be proactive with alerts
- Practical work: executing a script when an attacker succeeds in logging in to a server after an SSH brute-force attack
Training objectives
- Be able to understand the Splunk User and Splunk Administrator concepts
- Learn how to install Splunk
- Be able to write simple search queries in the data
- Know how to apply different data visualisation techniques using graphs and dashboards
- Be able to implement Splunk to analyse and monitor systems
- Understand how to write advanced data search queries
- Be able to configure alerts and reports
Training prerequisites
- Basic knowledge of networks and systems
Price
- 1320 €
- Language: French
- Level: Fundamental
- Certification body: ACG CYBERACADEMY
- Certification: No
- Accessibility: Yes
- Duration: 2 days
Important information:
Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).