Add 6 SIEMs/Splunk/splunk_mockup.md
6 SIEMs/Splunk/splunk_mockup.md (Normal file, 30 lines added)
@ -0,0 +1,30 @@
Ubuntu 22 Server
sftp splunk file

APPs
cyberchef
pcap anlayzer
splunk stream
Network Diagram Viz

DATA
BotsV1
BotsV2
BotsV3

2 cables
span

- Zeek https://medium.com/@cybertoolguardian/zeek-installation-in-ubuntu-60835ee3e42c
REMEBER TO TURN PORTS ON, ENS192 STARTED DOWN, You'll get a "zeek started and immediately stopped" message if it's down
ip link set ensXXXX up

- Suricata https://docs.suricata.io/en/latest/quickstart.html

REPORTS
- Add all sigma rules https://github.com/SigmaHQ/sigma/tree/master/rules/windows/
- add all mitre rules


Remote Windows host
https://www.activecountermeasures.com/building-and-running-zeek-on-windows-server-2022/
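Review bot: the Zeek interface note ("REMEBER TO TURN PORTS ON, ENS192 STARTED DOWN" followed by `ip link set ensXXXX up`) should say that `ip link set ... up` is not persistent, so after a reboot the capture interface is down again and Zeek fails with the same "started and immediately stopped" message; the file names ens192 in the note but leaves the placeholder ensXXXX in the command, and it should name the real interface and point to the persistent configuration (netplan on Ubuntu 22 Server) that keeps it up. The "2 cables" / "span" lines are the only description of the network side, and one sentence saying which interface is management and which receives the SPAN feed (and that the SPAN interface carries no IP address) would make the mockup reproducible by someone else. Minor: "anlayzer" and "REMEBER" are typos; since the file is .md, the bare section words APPs, DATA and REPORTS would read better as markdown headings; and nothing in the file records how Zeek and Suricata output reaches Splunk (forwarder, add-on, target index), which is the one step the SIEM mockup cannot do without.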