Add 6 SIEMs/Splunk/splunk_mockup.md
6 SIEMs/Splunk/splunk_mockup.md
Normal file
@ -0,0 +1,30 @@
Ubuntu 22 Server
sftp splunk file
APPs
cyberchef
pcap anlayzer
splunk stream
Network Diagram Viz
DATA
BotsV1
BotsV2
BotsV3
2 cables
span
- Zeek https://medium.com/@cybertoolguardian/zeek-installation-in-ubuntu-60835ee3e42c
REMEBER TO TURN PORTS ON, ENS192 STARTED DOWN, You'll get a "zeek started and immediately stopped" message if it's down
ip link set ensXXXX up
- Suricata https://docs.suricata.io/en/latest/quickstart.html
REPORTS
- Add all sigma rules https://github.com/SigmaHQ/sigma/tree/master/rules/windows/
- add all mitre rules
Remote Windows host
https://www.activecountermeasures.com/building-and-running-zeek-on-windows-server-2022/
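Review bot: the `ip link set ensXXXX up` fix noted under the Zeek bullet is not persistent; the interface will come back down after a reboot and Zeek will again fail with the "zeek started and immediately stopped" message, so the note should also record a persistent interface configuration (netplan or systemd-networkd on Ubuntu 22) and say which concrete interface (ens192 per the line above) is meant instead of the `ensXXXX` placeholder. Under REPORTS, "Add all sigma rules" and "add all mitre rules" do not say how the rules reach Splunk: Sigma rules are not loaded as-is and have to be converted to SPL (for example with sigma-cli and its Splunk backend) before they can be saved as searches, and "mitre rules" should name the actual source. Minor: "pcap anlayzer" and "REMEBER" are typos.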