Hands-on exercise setting up a lab for stimulus-response based alert writing
using the free version of Splunk as a SIEM. Includes installation of Splunk log
forwarder, Splunk Enterprise GUI console, log forwarding configuration, log
normalization, stimulus-response activities, log review, and alert writing.
Methodology good for Blue Teams looking to build alerts based on actual attack
output; good for Red Teams looking to understand the output from their

VirtualBox VMs will be provided with networking pre-configured. Hands-on
familiarity with basic *nix command line strongly encouraged. Enough CPU/RAM
to support at least 1 VM, either *nix or Windows, whichever is least similar
to the host OS.