DCO-SOGs/6 SIEMs/Splunk/splunk_mockup.md

Ubuntu 22 Server sftp splunk file

APPs cyberchef pcap anlayzer splunk stream Network Diagram Viz

DATA BotsV1 BotsV2 BotsV3

2 cables span

• Zeek https://medium.com/@cybertoolguardian/zeek-installation-in-ubuntu-60835ee3e42c REMEBER TO TURN PORTS ON, ENS192 STARTED DOWN, You'll get a "zeek started and immediately stopped" message if it's down ip link set ensXXXX up

• Suricata https://docs.suricata.io/en/latest/quickstart.html

REPORTS

• Add all sigma rules https://github.com/SigmaHQ/sigma/tree/master/rules/windows/
• add all mitre rules

Remote Windows host https://www.activecountermeasures.com/building-and-running-zeek-on-windows-server-2022/