From 1f1795bbf092f0cc44fb01acaab6a15d66614e12 Mon Sep 17 00:00:00 2001 From: Matthew Iverson Date: Sun, 3 Nov 2024 22:13:05 -0500 Subject: [PATCH] Add 6 SIEMs/Splunk/splunk_mockup.md --- 6 SIEMs/Splunk/splunk_mockup.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 6 SIEMs/Splunk/splunk_mockup.md diff --git a/6 SIEMs/Splunk/splunk_mockup.md b/6 SIEMs/Splunk/splunk_mockup.md new file mode 100644 index 0000000..91d15e3 --- /dev/null +++ b/6 SIEMs/Splunk/splunk_mockup.md @@ -0,0 +1,30 @@ +Ubuntu 22 Server +sftp splunk file + +APPs + cyberchef + pcap anlayzer + splunk stream + Network Diagram Viz + +DATA + BotsV1 + BotsV2 + BotsV3 + +2 cables + span + +- Zeek https://medium.com/@cybertoolguardian/zeek-installation-in-ubuntu-60835ee3e42c +REMEBER TO TURN PORTS ON, ENS192 STARTED DOWN, You'll get a "zeek started and immediately stopped" message if it's down + ip link set ensXXXX up + +- Suricata https://docs.suricata.io/en/latest/quickstart.html + +REPORTS +- Add all sigma rules https://github.com/SigmaHQ/sigma/tree/master/rules/windows/ +- add all mitre rules + + +Remote Windows host +https://www.activecountermeasures.com/building-and-running-zeek-on-windows-server-2022/ \ No newline at end of file
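Review bot: the Zeek interface note in this hunk, `REMEBER TO TURN PORTS ON, ENS192 STARTED DOWN` followed by `ip link set ensXXXX up`, leaves the interface name as a placeholder and only brings the link up until the next reboot; name the capture interface (ens192, per the note itself) and record where the link state is made persistent, because a sensor whose SPAN interface comes back down after a reboot silently stops feeding Zeek and Suricata, which is the exact failure the "zeek started and immediately stopped" remark warns about. Typos in the hunk: `pcap anlayzer` and `REMEBER`. Smaller documentation gaps: `sftp splunk file` and `2 cables` / `span` do not say which file is transferred or which cable is management versus the SPAN feed; `add all mitre rules` has no source, unlike the Sigma line, which links only `rules/windows/`, so say whether Linux and network rules are intentionally excluded; and since this is a `.md` file, the `APPs`, `DATA` and `REPORTS` groups with indented items will render as run-together paragraphs rather than headed lists, and the file lacks a trailing newline.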