Room link: https://tryhackme.com/room/splunk101
Created by: tryhackme, Dex01, Aashir.Masood
“Splunk is one of the leading SIEM solutions in the market. It allows users to collect, analyze, and correlate network and machine logs in real time. In this room, we will explore the basics of Splunk and its functionalities, and how it provides better visibility of network activities and helps speed up detection.”
If you have recently looked at cybersecurity jobs, you will know that Splunk experience is in high demand. It’s one of the big SIEMs in the industry. I’m looking forward to doing this room. We start off by connecting to the lab and launching the AttackBox.
In Task 3, Splunk Components, THM goes over the three main components of Splunk: Forwarder, Indexer, and Search Head.

In Task 4, Navigating Splunk, THM walks us through the various sections of Splunk Enterprise and the home screen.

In Task 5, Adding Data, we are uploading a task file that is saved on the AttackBox.

For the next question, I noticed certain filters under the Maleena user, so all I did was manually edit the search with “Source_ip” to obtain the next answer. Same with Source_Country and the last question.
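For readers who want to see what that manual edit looks like as an actual search rather than a click in the field sidebar, here is an added SPL example. It is not from the room or the author; it assumes the uploaded file landed in the default `main` index and that the events carry the `Source_ip` and `Source_Country` fields mentioned above (the country value is a constructed placeholder).

```spl
/* Added example, not part of the room: narrow the search to one field value,
   then summarise the remaining events so outliers stand out. */
index=main Source_Country="PLACEHOLDER_COUNTRY"
| stats count AS events BY Source_ip, Source_Country
| sort -events
| head 10
```

Typing the filter into the search bar is equivalent to clicking the value in the field sidebar, but writing it out makes the search repeatable and easy to extend: swapping `Source_Country` for `Source_ip` in the first line answers the previous question in the same way, and the `stats` line turns the raw event list into a ranked table so the most active source is visible at a glance.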
