All times are in Pacific Daylight Time (UTC-0700).

  • Track: C: Saturday 10/12 @ 1300-1700 PDT

Hands-on exercise setting up a lab for stimulus-response based alert writing, using the free version of Splunk as a SIEM. Covers installation of the Splunk log forwarder and the Splunk Enterprise GUI console, log forwarding configuration, log normalization, stimulus-response activities, log review, and alert writing. The methodology suits Blue Teams looking to build alerts based on actual attack output, and Red Teams looking to understand the output their activities generate.

Requirements:

VirtualBox VMs will be provided with networking pre-configured. Hands-on familiarity with the basic *nix command line is strongly encouraged. You will need enough CPU/RAM to support at least 1 VM, either *nix or Windows, whichever is least similar to the host OS.

Mary is a member of the Splunk Trust, an elite brain trust of about 60 of the most experienced Splunk users around the globe who give back to the Splunk community. She has worked in the threat detection and response space for various industry leaders in gaming, media, and entertainment and...


twitter @cyphoid_mary

© 2023 ShellCon