Ellington Cyber Academy Capstone 2 Demo | Splunk Knowledge Object Dashboard for Silversmith
Welcome back, defenders! In this video, I walk through my latest capstone demo for @EllingtonCyberAcademy. In this hands-on simulation, I was promoted to Product Owner of a fictional dessert company's Splunk Enterprise environment. Thanks again to Jordyn & Tiffiny of @StatsOnStats for your feedback and time sitting in on our cohort's capstone night.

📌 The Scenario: A potential high-value client is concerned about our logging and cybersecurity practices. My mission was to build and present technical Splunk Knowledge Objects that showcase full-stack visibility, strong monitoring, and mature security posture, while also solving the company's internal struggles with enrichment, alert fatigue, and inconsistent data handling.

💡 Key Knowledge Objects Implemented:
• 📊 Reports – Visual threat detection using chart and timechart to enhance visibility and reduce alert fatigue
• 🏷️ Tags – Applied for cleaner event grouping and scalable classification
• 🧾 Event Types – Mapped to patterns like brute-force attacks and suspicious PowerShell usage
• 🔄 Field Aliases – Standardized inconsistent fields (like src_ip, host) across sourcetypes
• ⚙️ Workflow Action – Integrated with VirusTotal for fast IP reputation lookups within Splunk
• 📁 Data Models – Built for Windows, network, and gaming logs to fuel Pivot performance
• 🔎 Pivot Tables – Designed for non-technical users to explore data visually without SPL knowledge

🚧 Challenges Addressed in This Demo:
• 📚 Lack of knowledge object awareness → Solved via clear use cases and demo-based teaching
• 🔍 Monitoring gaps → Closed with custom dashboards and scheduled reports
• ⚠️ Poor data enrichment & naming inconsistency → Addressed via aliases, tagging, and standardization
• 💤 Alert fatigue → Minimized with curated, high-impact detections and visual clarity

🎯 Project Goal: Demonstrate how Splunk knowledge objects can bridge gaps between security teams, compliance reporting, and business leadership, making security data both actionable and accessible.

🛠️ Stack: Splunk Enterprise on AWS Lightsail
🔍 Data Sources: Security logs, network traffic, bakery operations, and Splunk's Buttercup game telemetry (Static) | Windows 11 VM (Splunk UF)

📽️ This video is the full breakdown I promised the judges after my live pitch time was cut short — thanks for watching!

👍 Like / 💬 Comment / 🔔 Subscribe if you're interested in more Splunk demos, SOC walkthroughs, and cybersecurity project breakdowns.

Best, TCD
================================
Technical blog: /topcyberdawg
Investigation Music provided by @StompsPlaylist
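As an added illustration (not configuration from the video, from Ellington Cyber Academy, or from the fictional company's environment), the knowledge objects listed above that live in Splunk .conf files can be expressed as the stanzas below: a field alias that normalises the source address to src_ip across two sourcetypes, two event types for failed-logon bursts and suspicious PowerShell script blocks, tags on those event types, a scheduled timechart report, and a VirusTotal IP-lookup workflow action. The sourcetype names, the firewall field name `srcip`, the script-block search strings, and the report name are assumptions made for this example; Windows event codes 4625 (failed logon) and 4104 (PowerShell script block logging) are standard. Each file's stanzas would normally sit under an app's local/ directory.

```ini
# --- props.conf ---
# Field aliases: expose one consistent src_ip field no matter which
# sourcetype produced the event. Sourcetype names are assumed for this example.
[WinEventLog:Security]
FIELDALIAS-src_ip_from_win = Source_Network_Address AS src_ip

# Hypothetical firewall sourcetype whose raw field is called srcip.
[fw:traffic]
FIELDALIAS-src_ip_from_fw = srcip AS src_ip

# --- eventtypes.conf ---
# Event types may not contain a pipe; they only select events. Counting and
# thresholding belong in the report or alert that consumes the event type.
[windows_failed_logon]
search = sourcetype=WinEventLog:Security EventCode=4625

# Script block text patterns are assumed indicators chosen for the example.
[suspicious_powershell]
search = sourcetype="WinEventLog:Microsoft-Windows-PowerShell/Operational" EventCode=4104 (ScriptBlockText="*FromBase64String*" OR ScriptBlockText="*DownloadString*")

# --- tags.conf ---
# Tags group both event types under one searchable label (tag=attack)
# while keeping authentication events separately classifiable.
[eventtype=windows_failed_logon]
attack = enabled
authentication = enabled

[eventtype=suspicious_powershell]
attack = enabled

# --- savedsearches.conf ---
# Scheduled report: hourly failed-logon counts per source address for the last
# 24 hours. The where clause applies the brute-force threshold (assumed: >10/hour).
[Failed Logons by Source - Hourly]
search = eventtype=windows_failed_logon | timechart span=1h count BY src_ip limit=10
enableSched = 1
cron_schedule = 0 * * * *
dispatch.earliest_time = -24h
dispatch.latest_time = now

[Brute Force Candidates - Alert]
search = eventtype=windows_failed_logon | bin _time span=1h | stats count BY _time src_ip user | where count > 10
enableSched = 1
cron_schedule = 5 * * * *
dispatch.earliest_time = -65m
dispatch.latest_time = now

# --- workflow_actions.conf ---
# Link-type workflow action: opens the VirusTotal page for the event's src_ip
# from the event menu and the field menu, in a new browser tab.
[vt_ip_lookup]
type = link
display_location = both
fields = src_ip
label = Look up $src_ip$ on VirusTotal
link.method = get
link.target = blank
link.uri = https://www.virustotal.com/gui/ip-address/$src_ip$
```

Because the field alias runs at search time, the report, the alert and the workflow action all reference src_ip only, so adding a third sourcetype later means adding one FIELDALIAS line rather than editing every search. Data models and pivots are built in Splunk Web and are not shown here.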