Splunk for Security Analyst
- 4,721 students
- Last updated 25/7/2023
Course Description
This self-paced course gives you a working knowledge of Splunk as a SIEM: how data is ingested, indexed and parsed, and how a security analyst searches it with SPL (fields, rename, table, head, top, rare, stats, timechart, chart) to find threats. It takes you from installing Splunk on an Ubuntu server and adding Splunk Security Essentials, through log analysis of DNS, DHCP and HTTP data, to shipping Linux and Windows logs with the Universal Forwarder and building detections and dashboards on Fail2ban, Sysmon, auditd and Windows event data.
Through hands-on labs and real-world scenarios, you will detect SSH brute force, suspicious process execution, PowerShell abuse, registry and file changes, network scanning, data exfiltration and suspicious user agents. Ideal for Security Analysts, SOC teams, and anyone eager to specialize in security monitoring, this course will prepare you to investigate threats in Splunk with confidence.

What You Will Learn
- Explain what a SIEM is and how Splunk's components, data pipeline and default ports fit together
- Install Splunk on Ubuntu Server and add the Splunk Security Essentials app
- Work with indexes, datasets, sources and sourcetypes, and ingest and parse log data
- Search and summarize data with SPL commands such as rename, table, fields, head, top, rare, stats, timechart and chart
- Analyze DNS, DHCP and HTTP logs for signs of intrusion
- Ship Linux and Windows logs to Splunk with the Universal Forwarder, Sysmon and auditd
- Build alerts and dashboards for SSH brute force, suspicious process execution, PowerShell abuse, registry and file changes, network scanning and data exfiltration
- Hunt for threats across authentication, process and network data in Splunk
Pre-requisites
- Basic networking knowledge and security concepts
- Some experience with network protocols and packet analysis
- Familiarity with Linux command line
Target Audience
- Security Analysts and SOC team members
- Anyone who wants to specialize in security monitoring with Splunk
Course Content
What is SIEM?
Introduction to Splunk
Splunk Components
Splunk for SOC Components
Data Pipeline
Splunk Default Ports
Splunk App
Index, Datasets, Sources and Sourcetypes
Installing Splunk on Ubuntu Server
Installing Splunk Security Essentials
Explore Fields
rename
table
Fields
head
Top and rare
stats
timechart
chart
Data Ingestion and Parsing
Log Analysis
DNS Log Analysis
DHCP Log Analysis
HTTP Log Analysis
Setting up Splunk UF on Ubuntu Machine
Task 1: Detection of Unauthorized Access on Linux Blocked by Fail2ban
Install and set up Fail2ban
Simulate the SSH Brute force attack
Analyzing logs on Splunk
Task 2: Monitoring and Investigating Suspicious Process Execution
Install Sysmon for Linux
Setting up Splunk UF and Splunk Dashboard
Simulate a Suspicious Process Execution attack & Analyzing logs on Splunk
Task 3: File Integrity Monitoring for Sensitive Directories
Installing and setting up Auditd
Setting up Splunk
Simulate Unauthorized change attempt & Analyzing logs on Splunk
Setting up Windows Server 2022
Installing and setting up Splunk Universal Forwarder on Windows Server 2022
Installing Sysmon
Setting up Splunk
Simulate the attack and Visualize on Splunk Dashboard
Task 2: Investigating PowerShell Abuse on Windows Machines
Setting up Splunk
Simulate the attack and Visualize on Splunk Dashboard
Task 3: Monitoring Windows Registry Changes
Setting up Splunk
Simulate the attack and Visualize on Splunk Dashboard
Find a user's IP address
Discover the list of websites visited by a suspicious user
Detecting Malicious Network Scanner
Setting up Splunk
Finding Malicious Traffic: Analyzing Connections to Specific Domains
Detecting Data Exfiltration
Detecting Suspicious User Agent
Monitor for connections to potentially phishing-related URLs
Detect successful user logins
Detect repeated failed login attempts
Detect Local group membership changes
Detect Process Creation using certain accounts
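The detection logic behind Task 1 (SSH brute force blocked by Fail2ban) and "Detect repeated failed login attempts", written out as an added example rather than course material. It is Python so it runs offline over the two constructed log snippets embedded below; the equivalent SPL is given in a comment, and its sourcetype name and the 5-failures-in-60-seconds threshold are assumptions.

```python
"""Brute-force SSH detection over sshd and fail2ban log lines, plus the SPL it mirrors."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the course): syslog-format sshd lines as the
# Universal Forwarder would ship them from /var/log/auth.log ...
SAMPLE_AUTH_LOG = """\
Jul 25 09:12:01 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Jul 25 09:12:03 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2
Jul 25 09:12:05 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 50124 ssh2
Jul 25 09:12:07 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 50125 ssh2
Jul 25 09:12:09 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 50126 ssh2
Jul 25 09:30:00 web01 sshd[2410]: Failed password for alice from 198.51.100.9 port 41000 ssh2
Jul 25 09:31:10 web01 sshd[2411]: Accepted publickey for alice from 198.51.100.9 port 41002 ssh2
"""
# ... and the fail2ban.log line written when the sshd jail bans the attacker.
SAMPLE_FAIL2BAN_LOG = """\
2023-07-25 09:12:09,512 fail2ban.actions        [1187]: NOTICE  [sshd] Ban 203.0.113.7
"""

# SPL equivalent of detect_bruteforce() below (sourcetype name assumed):
#   index=linux sourcetype=linux_secure "Failed password"
#   | rex "Failed password for (invalid user )?(?<user>\S+) from (?<src_ip>\S+)"
#   | bin _time span=1m
#   | stats count dc(user) AS users values(user) AS user_list BY src_ip _time
#   | where count >= 5

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed password|Accepted \w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src_ip>\S+) port \d+"
)
BAN_RE = re.compile(r"\[(?P<jail>[^\]]+)\] Ban (?P<src_ip>\S+)$")


def parse_auth_log(text, year=2023):
    """Turn sshd syslog lines into event dicts. Syslog omits the year, so it is supplied."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue  # other sshd noise (connection closed, pam session) is ignored
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "user": m["user"],
                       "src_ip": m["src_ip"], "failed": m["outcome"] == "Failed password"})
    return events


def parse_fail2ban_log(text):
    """Return {src_ip: jail} for every Ban action fail2ban logged."""
    return {m["src_ip"]: m["jail"] for line in text.splitlines() if (m := BAN_RE.search(line))}


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Flag any source IP with >= threshold failed logins inside a sliding window.

    A sliding window is stricter than the SPL `bin _time span=1m`, which can split one
    burst across two fixed buckets and miss it; the first window that trips is recorded.
    """
    failures = defaultdict(list)
    for e in events:
        if e["failed"]:
            failures[e["src_ip"]].append(e)
    alerts = {}
    for src_ip, evs in failures.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, e in enumerate(evs):
            while e["ts"] - evs[start]["ts"] > window:
                start += 1  # slide the window forward past stale failures
            count = end - start + 1
            if count >= threshold and src_ip not in alerts:
                alerts[src_ip] = {"count": count,
                                  "users": sorted({x["user"] for x in evs[start:end + 1]}),
                                  "first": evs[start]["ts"], "last": e["ts"]}
    return alerts


def correlate_with_bans(alerts, bans, events):
    """Enrich each alert with the fail2ban jail that banned the source (if any) and
    whether that source ever authenticated successfully, which is the case to escalate."""
    succeeded = {e["src_ip"] for e in events if not e["failed"]}
    return {ip: dict(a, banned_by=bans.get(ip), any_success=ip in succeeded)
            for ip, a in alerts.items()}


def run(auth_text=SAMPLE_AUTH_LOG, f2b_text=SAMPLE_FAIL2BAN_LOG, threshold=5):
    events = parse_auth_log(auth_text)
    return correlate_with_bans(detect_bruteforce(events, threshold), parse_fail2ban_log(f2b_text), events)


if __name__ == "__main__":
    for ip, a in run().items():
        print(f"{ip}: {a['count']} failures for {a['users']} between {a['first']:%H:%M:%S} "
              f"and {a['last']:%H:%M:%S}; fail2ban jail={a['banned_by']}; success seen={a['any_success']}")
```

Running it flags 203.0.113.7 (five failures in eight seconds, two usernames, banned by the sshd jail) and leaves alice's single typo at 198.51.100.9 alone. The `any_success` field is the one to watch in the Splunk dashboard: a burst that is followed by an Accepted login from the same source is an account compromise, not just noise that Fail2ban handled.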
Instructor

Senior Security Consultant
- With over a decade of experience in cybersecurity and author of multiple works on security monitoring, Rajneesh is a trusted expert in open-source security tools, cloud security, and SOC automation. He has implemented and optimized ELK deployments for global clients and specializes in turning raw log data into actionable security intelligence. Rajneesh's instruction style is both practical and thorough, ensuring you gain job-ready security monitoring skills.
This course includes:
- 8+ hours of hands-on learning
- 15+ Real World Scenarios
- Cloud-based Lab Access
- Life-time Community Access
- Learn from Mobile, TV

Common Questions
Most Popular Questions
Splunk is a platform for collecting, indexing and searching machine data such as logs and network telemetry. Used as a SIEM, it lets security teams search events with SPL, correlate them across sources, build alerts and dashboards, and investigate suspicious activity.
No previous Splunk experience is needed. This course covers Splunk from the ground up, including installation, configuration, and detection use cases. Basic networking and security knowledge and some Linux command-line familiarity are recommended (see the pre-requisites above), but we provide foundational lessons to ensure a smooth learning experience.
The course is self-paced, so completion time varies. Most students complete it within 4-6 weeks, but you’ll have lifetime access to revisit modules as needed.
By the end of the course, you'll be able to install and configure Splunk and the Universal Forwarder, ingest and parse logs from Linux and Windows hosts, write SPL searches, build alerts and dashboards for suspicious activity, and apply Splunk in real-world threat hunting scenarios. These skills are crucial for SOC and security monitoring roles.
Yes, we update the course regularly to reflect the latest Splunk features and capabilities. The course content is aligned with the most current version, so you'll learn the latest techniques and best practices.
Yes, you'll receive a certificate from HaxSecurity upon completion, which you can display on LinkedIn and add to your resume to showcase your Splunk skills.
You'll need a computer that can run Splunk, ideally a Linux virtual or physical machine; the Windows labs use a Windows Server 2022 machine, and cloud-based lab access is included. Detailed installation instructions and setup support are included in the course.
Our support team is available to help with technical questions, and we offer a discussion forum for learners to interact with each other. Additionally, Rajneesh hosts regular live Q&A sessions where you can ask specific questions and gain further insights into the material.