Threat Hunt Like a Pro in Splunk | Create Dynamic Dashboards to Hunt Host-Based Threats
Learn how to build a *Splunk threat hunting dashboard* that takes a hostname as input and surfaces critical security events instantly across multiple data sources. Whether you’re working in a SOC or just leveling up your cyber defense skills, this lab-style video shows you how to:

✅ Search DNS queries for a specific host
✅ Pull local authentication logs
✅ Identify top processes running on the host
✅ Analyze suspicious command line activity

We’ll create interactive dashboards step-by-step, making your threat hunting **faster, smarter, and more scalable**.

🎯 Ideal for:
Threat hunters
Blue teamers
SOC analysts
Splunk users looking to automate investigation workflows

💡 Ready to hunt smarter? Don’t forget to **like, subscribe**, and turn on notifications for more practical Splunk and cybersecurity content every week!

Boss of the SOC Data Set: https://github.com/splunk/botsv3

❓Today's Queries

✔️DNS Query
    index=botsv3 host=$host$ hostname protocol_stack="ip:udp:dns" source="stream:dns" "message_type{}"=QUERY "query_type{}"=A | table host hostname{} _time

✔️Host Query
    index=botsv3 EventCode=4624 OR EventCode=4625 $host$ | table TaskCategory Account_Name EventCode | dedup Account_Name

✔️Top Processes
    index=botsv3 host=$host$ AND Creator_Process_Name="*" | stats count by Creator_Process_Name | sort -count | head 10 | eval process_label = Creator_Process_Name . " (" . count . ")" | table process_label count

✔️Command Line Rare Events
    index=botsv3 host=$host$ AND CommandLine="*" | rare limit=20 CommandLine

Music Attribution: Inpulsemusic - Lofi Chill Background Music https://pixabay.com/music/beats-lofi-...

🎯 Hashtags: #ThreatHunting #Splunk #CyberSecurity #BlueTeam #SIEM #SOC #DetectionEngineering #DFIR #SecurityOperations #SplunkDashboard
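One way to wire the four searches to a single hostname input, as a Splunk Simple XML form. This is an added example, not the dashboard source from the video; the dashboard label, panel titles and all-time range are assumptions, and the last panel applies rare directly to the raw events.

```xml
<form version="1.1">
  <label>Host Threat Hunt (added example)</label>
  <!-- The text input sets the $host$ token that every panel search uses. -->
  <fieldset submitButton="true" autoRun="false">
    <input type="text" token="host">
      <label>Hostname</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>DNS A queries</title>
      <table>
        <search>
          <query>index=botsv3 host=$host$ hostname protocol_stack="ip:udp:dns" source="stream:dns" "message_type{}"=QUERY "query_type{}"=A | table host hostname{} _time</query>
          <earliest>0</earliest><latest></latest>
        </search>
      </table>
    </panel>
    <panel>
      <title>Local logons (4624 / 4625)</title>
      <table>
        <search>
          <query>index=botsv3 EventCode=4624 OR EventCode=4625 $host$ | table TaskCategory Account_Name EventCode | dedup Account_Name</query>
          <earliest>0</earliest><latest></latest>
        </search>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <title>Top 10 creator processes</title>
      <table>
        <search>
          <query>index=botsv3 host=$host$ AND Creator_Process_Name="*" | stats count by Creator_Process_Name | sort -count | head 10 | eval process_label = Creator_Process_Name . " (" . count . ")" | table process_label count</query>
          <earliest>0</earliest><latest></latest>
        </search>
      </table>
    </panel>
    <panel>
      <title>Rare command lines</title>
      <table>
        <search>
          <query>index=botsv3 host=$host$ AND CommandLine="*" | rare limit=20 CommandLine</query>
          <earliest>0</earliest><latest></latest>
        </search>
      </table>
    </panel>
  </row>
</form>
```

Writing the token as `$host|s$` makes Splunk wrap the submitted value in quotes, which keeps a hostname containing spaces or search syntax from changing the query.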