
Install Splunk Enterprise on Ubuntu by downloading the Debian package, transferring it to the Linux host, installing it with dpkg, starting Splunk, and opening the web interface on port 8000 (the default) with the admin credentials set during installation.
Learn to access the Boss of the SOC (BOTS) datasets, versions 1 through 3, install the add-ons they require, and import their attack data into Splunk.
Import lab attack logs into Splunk by installing the Sysmon and Windows add-ons, uploading Sysmon and Security event logs, and validating the ingest with a search against the main index.
Explore how the bell-shaped normal (Gaussian) distribution shows up in data, and why standard deviation alone produces false positives on security data that is not normally distributed, so Splunk users should combine it with other methods.
Learn the empirical rule (the 68–95–99.7 rule) for separating normal data from outliers by standard deviations, and apply it to cut down noisy logs when threat hunting with data science.
Use data science in Splunk to hunt user-access anomalies: find outlier hosts among successful logins (EventCode 4624) by binning by time, computing stats per host, and evaluating which counts fall outside the expected range.
Detect SMB traffic anomalies in Splunk by computing the standard deviation of SMB connection counts on ports 139 and 445, flagging outliers beyond bounds of seven standard deviations, and displaying the results.
Discover how to detect malicious Windows process command lines with data science and Splunk: compute each command line's length plus the mean and standard deviation of lengths, and flag outliers that fall outside the resulting upper and lower bounds.
Combine CPU, network, and memory data into a common metric, compute z-scores to detect anomalies, and visualize them in Splunk to spot potential malware activity.
Explore the Splunk Machine Learning Toolkit (MLTK), a free add-on for real-time analytics that provides clustering, regression, classification, and anomaly detection, plus data preparation, model evaluation, and deployment.
Install the Splunk Machine Learning Toolkit (MLTK) from Splunkbase by uploading and installing the app, then install the OS-specific Python for Scientific Computing add-on it depends on from the command line to unlock the tutorials.
Make outlier detection more robust and accurate by applying streamstats with a sliding window and standard deviation to detect outliers in DNS and ICMP traffic.
Explore how domain generation algorithms (DGAs) let malware and botnets evade firewalls and domain blocklists by generating many candidate command-and-control domains, and how to use Splunk to detect DGA activity.
Install the DGA app for Splunk: install its prerequisites (the Splunk Machine Learning Toolkit and URL Toolbox), configure the DGA app, create the dga_proxy index, and enable its alerts.
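The empirical-rule lessons above (logon outliers per host with EventCode 4624, SMB outliers at seven standard deviations, command-line length bounds) all follow one pattern: bin, count, take the mean and standard deviation per group, and keep whatever falls outside avg ± k·stdev. The example below is added here and is not course material; it runs the same pipeline in Python over a constructed set of Windows Security events (the host names, timestamps and counts are made up, and the function names are this example's own). The Splunk equivalent it mirrors is `index=main EventCode=4624 | bin _time span=1h | stats count by host, _time | eventstats avg(count) AS avg stdev(count) AS sd by host | eval upper=avg+3*sd, lower=avg-3*sd | where count>upper OR count<lower`.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, stdev

# Constructed sample spec (not real telemetry): successful logons (EventCode
# 4624) per host per hour on one day. WS01 is quiet except for a burst at
# 14:00; DC01 is a steady 5/hour; LAPTOP7 has a single hour of activity.
CONSTRUCTED_SPEC = {
    "WS01": {**{h: 1 for h in range(24)}, 14: 30},
    "DC01": {h: 5 for h in range(24)},
    "LAPTOP7": {9: 1},
}


def build_events(spec):
    """Expand the spec into event dicts shaped like indexed Windows Security
    events (_time, host, EventCode). One failed-logon event (4625) is mixed
    in to show that only the requested EventCode is counted."""
    events = []
    for host, hours in spec.items():
        for hour, n in hours.items():
            for i in range(n):
                events.append({"_time": f"2024-03-01 {hour:02d}:{i % 60:02d}:00",
                               "host": host, "EventCode": 4624})
    events.append({"_time": "2024-03-01 14:05:00", "host": "WS01", "EventCode": 4625})
    return events


def bin_hourly_logons(events, event_code=4624):
    """bin _time span=1h | stats count by host, _time. Hours with no matching
    events produce no bucket, exactly as a plain stats count does."""
    counts = Counter()
    for ev in events:
        if ev["EventCode"] != event_code:
            continue
        t = datetime.strptime(ev["_time"], "%Y-%m-%d %H:%M:%S")
        bucket = t.replace(minute=0, second=0).strftime("%Y-%m-%d %H:00")
        counts[(ev["host"], bucket)] += 1
    return counts


def flag_outliers(counts, k=3.0):
    """eventstats avg/stdev by host, then keep buckets outside avg +/- k*sd.
    k=3 is the empirical-rule cut (99.7% of a normal sample lies inside);
    k=7 is the far more conservative bound the SMB lesson uses."""
    per_host = defaultdict(list)
    for (host, bucket), n in counts.items():
        per_host[host].append((bucket, n))
    flagged = []
    for host, buckets in per_host.items():
        values = [n for _, n in buckets]
        if len(values) < 2:
            continue  # sample stdev needs at least two buckets; skip the host
        avg, sd = mean(values), stdev(values)
        upper, lower = avg + k * sd, avg - k * sd
        for bucket, n in buckets:
            if n > upper or n < lower:
                flagged.append({"host": host, "bucket": bucket, "count": n,
                                "avg": round(avg, 2), "stdev": round(sd, 2),
                                "upper": round(upper, 2)})
    return sorted(flagged, key=lambda r: (r["host"], r["bucket"]))


if __name__ == "__main__":
    counts = bin_hourly_logons(build_events(CONSTRUCTED_SPEC))
    for k in (3.0, 7.0):
        print(f"k={k}:", flag_outliers(counts, k) or "no outliers")
```

Two things worth noticing when you run it. The burst itself inflates WS01's standard deviation (one 30-logon hour against 23 single-logon hours gives sd ≈ 5.9), so the same event that is an outlier at k=3 sits comfortably inside the k=7 bound; the wider bound trades sensitivity for fewer false positives. And DC01, with a perfectly constant rate, has sd = 0, so any deviation at all would be flagged; that is the kind of false positive the normal-distribution lesson warns about, and why a second signal (a minimum count, a rolling window, or a per-user baseline) belongs alongside the standard deviation.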
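The streamstats lesson above replaces a single whole-search mean and standard deviation with a sliding window, so each point is judged against only its recent neighbours. The example below is added here and is not course material; it contrasts the two on a constructed per-minute DNS query series (a steady upward ramp with one injected burst; the numbers and function names are this example's own). The windowed function mirrors `streamstats window=10 current=false avg(count) AS avg stdev(count) AS sd`, and the global one mirrors `eventstats avg(count) stdev(count)`.

```python
from statistics import mean, stdev

# Constructed per-minute DNS query counts from one workstation (not real
# telemetry): a ramp of 20..139 over 120 minutes, plus a 100-query burst
# injected at minute 40 (160 queries where roughly 60 were expected).
WINDOW = 10
SERIES = [20 + i for i in range(120)]
SERIES[40] += 100


def global_zscores(series):
    """Whole-search stats: one mean and standard deviation for the entire
    series, the stats/eventstats approach."""
    avg, sd = mean(series), stdev(series)
    return [(x - avg) / sd for x in series]


def windowed_zscores(series, window=WINDOW):
    """Sliding window in the spirit of streamstats window=W current=false:
    each point is scored against only the W points before it. The first W
    points have no full window and get no score (None); that is a choice made
    here so early, thin windows cannot produce spurious alerts."""
    scores = [None] * len(series)
    for i in range(window, len(series)):
        prior = series[i - window:i]
        avg, sd = mean(prior), stdev(prior)
        if sd == 0:
            continue  # flat window: nothing to normalise against, skip it
        scores[i] = (series[i] - avg) / sd
    return scores


def outliers(scores, k=3.0):
    """Minutes whose |z| exceeds k; unscored (None) points are ignored."""
    return [i for i, z in enumerate(scores) if z is not None and abs(z) > k]


if __name__ == "__main__":
    print("global  :", outliers(global_zscores(SERIES)))
    print("windowed:", outliers(windowed_zscores(SERIES)))
```

On this series the global z-score never exceeds 3: the upward trend alone spreads the data enough that the burst lands around z ≈ 2.2 and is missed, while the windowed score sees a burst of roughly 35 local standard deviations and flags minute 40 only. The trade-off is visible too: for the ten minutes after the burst the window still contains the 160-query minute, so its standard deviation is inflated and a second, smaller burst in that stretch would be harder to see. Sizing the window against how fast the normal rate drifts, and pairing it with a fixed minimum count, is the practical tuning step.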
Welcome to "Threat Hunting with Data Science and Splunk for Beginners," a course where we dive into cybersecurity and equip you with the foundational skills needed to detect and mitigate cyber threats using Splunk and data science. Throughout this course, we focus on integrating data science techniques with Splunk so you can become a proficient cyber defender.
In today's digital landscape, cyber threats evolve rapidly and pose significant risks to organizations and individuals alike. Proactive threat detection is therefore paramount, and this course is your gateway to threat hunting with basic data science methods inside the Splunk environment.
We'll start by laying the groundwork with an introduction to Splunk and its capabilities in threat detection. You'll learn how Splunk serves as a central hub for ingesting, analyzing, and visualizing vast amounts of security data, enabling organizations to identify and respond to threats in real-time.
Next, we'll delve into the world of data science and its integration with Splunk. You'll discover how data science techniques such as statistical analysis, machine learning, and natural language processing can augment Splunk's capabilities, allowing for deeper insights and more accurate threat detection.
Throughout the course, we'll explore practical use cases where data science intersects with Splunk to enhance threat detection efficacy. From identifying anomalous user access patterns to detecting suspicious network traffic and uncovering malware activities, you'll gain hands-on experience in leveraging data science techniques within the Splunk environment to proactively hunt down cyber threats.
But we won't stop there. We'll also delve into Splunk's Machine Learning Toolkit (MLTK), a powerful suite of tools that enables you to build and deploy custom machine learning models for threat detection. You'll learn how to harness the MLTK's capabilities to create predictive models that can automatically identify and mitigate emerging threats.
By the end of this course, you'll emerge with a comprehensive understanding of how data science and Splunk intertwine to form a formidable defense against cyber threats. Whether you're new to cybersecurity or looking to deepen your expertise, "Threat Hunting with Data Science and Splunk for Beginners" will empower you to take your threat detection skills to the next level and make a meaningful impact in securing digital assets.