Threat Hunting Tutorial - Day 11: Hunting Process Creation with Splunk

Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network. Cyber threat hunting digs deep to find malicious actors in your environment that have slipped past your initial endpoint security defenses.

In the ransomware hunt series, I introduced you to process creation log sources in Windows, the relevant data fields for analysis, and instructions on how to import this data into Splunk. Here I am going to focus on some basic queries you can use to interrogate those logs and on how to filter out benign results. There will also be a small section on hypotheses and questions you can ask of this data to help discover anomalous activity.

So in today's episode we will focus on a very basic level of data analysis: baselining with Process Creation events, and how to use Splunk queries efficiently to understand what is normal and what is not. In upcoming episodes, we will focus on a live demo using these same methods and explore how we can identify anomalous behavior in a set of data.
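
The baselining idea above, as an added example that is not from the video or the channel: build a parent/child process-creation baseline over a 30-day window, then surface only pairs first seen in the last day, drop reviewed-benign pairs, and drop pairs that appeared on so many hosts that they look like a rollout rather than an outlier. It works over constructed Sysmon Event ID 1 records in the field shape Splunk's Sysmon add-on exposes (ParentImage, Image, host, _time) and is the same computation as the SPL pattern `eval pair=ParentImage." -> ".Image | stats count dc(host) earliest(_time) AS first_seen by pair | where first_seen >= relative_time(now(), "-1d")`; hostnames, timestamps and the "ExampleUpdater" path are made up.

```python
from datetime import datetime, timedelta

# Constructed Sysmon Event ID 1 records in the shape Splunk's Sysmon add-on
# exposes (host, _time, ParentImage, Image). Hostnames, timestamps and the
# "ExampleUpdater" path are made up; the Windows and Office paths are typical.
EXPLORER = r"C:\Windows\explorer.exe"
WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
CMD = r"C:\Windows\System32\cmd.exe"
NOTEPAD = r"C:\Windows\System32\notepad.exe"
MSIEXEC = r"C:\Windows\System32\msiexec.exe"
UPDATER = r"C:\Program Files\ExampleUpdater\updater.exe"  # hypothetical vendor tool
EVENTS = [
    ("WS01", "2024-03-05 09:00", EXPLORER, WINWORD),  # routine, inside the baseline
    ("WS02", "2024-03-12 10:30", EXPLORER, WINWORD),
    ("WS03", "2024-03-20 14:15", EXPLORER, WINWORD),
    ("WS01", "2024-03-31 08:05", EXPLORER, WINWORD),  # recent, but already baselined
    ("WS02", "2024-03-31 09:12", WINWORD, CMD),       # first seen today, one host
    ("WS01", "2024-03-31 10:00", EXPLORER, NOTEPAD),  # first seen today, allowlisted
    ("WS09", "2024-01-15 09:00", WINWORD, CMD),       # older than the window: ignored
] + [(f"WS0{i}", "2024-03-31 11:00", UPDATER, MSIEXEC) for i in range(1, 6)]  # rollout
NOW = datetime(2024, 3, 31, 12, 0)
ALLOWLIST = frozenset({(EXPLORER.lower(), NOTEPAD.lower())})  # pairs reviewed as benign


def new_rare_pairs(events, now, baseline_days=30, recent_days=1,
                   allowlist=frozenset(), max_hosts=3):
    """Parent->child pairs first seen in the recent window, minus pairs already in
    the baseline, allowlisted pairs, and pairs seen on more than max_hosts hosts."""
    baseline_start = now - timedelta(days=baseline_days)
    recent_start = now - timedelta(days=recent_days)
    stats = {}  # pair -> {"count", "first_seen", "hosts"}
    for host, ts, parent, child in events:
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if not baseline_start <= t <= now:
            continue  # outside the baseline window, so it cannot establish "normal"
        pair = (parent.lower(), child.lower())
        s = stats.setdefault(pair, {"count": 0, "first_seen": t, "hosts": set()})
        s["count"] += 1
        s["first_seen"] = min(s["first_seen"], t)
        s["hosts"].add(host)
    hits = []
    for pair, s in stats.items():
        if s["first_seen"] < recent_start or pair in allowlist or len(s["hosts"]) > max_hosts:
            continue  # known-normal, reviewed-benign, or too widespread to be an outlier
        hits.append({"pair": f"{pair[0]} -> {pair[1]}", "count": s["count"],
                     "host_count": len(s["hosts"]), "first_seen": s["first_seen"]})
    return sorted(hits, key=lambda h: (h["host_count"], h["count"]))  # rarest first


if __name__ == "__main__": print(*new_rare_pairs(EVENTS, NOW, allowlist=ALLOWLIST), sep="\n")
```

With the sample data only the Word-spawns-cmd pair survives the three filters; widen `max_hosts` or clear the allowlist to see the rollout and the allowlisted pair come back.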

✔ Twitter: @blackperl_dfir
Comments
Author

Hey man, first of all, I would like to thank you so much for uploading such videos. Your videos are always informative for people who are new to threat hunting, IR or forensics. I have a request: can you please make a video on hypothesis-based hunting where you take any 1 or 2 Tactics or Techniques from MITRE and start hunting in an environment? Please show us how it is done in the real world and how you will make use of an EDR tool and Splunk queries in such a case. Please make a lengthy video. I will be grateful to you. Again, I would like to say that you are doing God's work.

puneetkhandelwal
Author

Hi, thanks for your content.
It really helps us.
I have two requests:
1) Can you please make a video on the SOC admin job role in a practical way?

2) As you are working as a Security Engineer, how can an IT Engineer switch to being a Cybersecurity Engineer?

WaseemAkram-wrfq
Author

Thank you so much for your videos; they are helping in learning threat hunting. Please keep up this good work. Waiting for your next topic after this video.

napster