Day 8 | Batch 1 | Splunk DNC Setup Linux, Syslog ng, Windows AD & DNS – Data Onboarding
This bootcamp is designed to take you from Cybersecurity Basics → SIEM Implementation → SOAR Integration → MSSP Understanding in a structured and practical way.

WhatsApp Link: https://chat.whatsapp.com/BZlmHBdsFGFC41NJlP3zq5
Registration Page: https://splunk.softmania.in/course/free-splunk-admin-bootcamp#/course/15334000002234048/attend/section/15334000003378395/lesson/15334000003378397

What We’ll Cover:

1. Cybersecurity & IT Foundations
- What is Cybersecurity?
- IT vs Communication Technology
- Data, Information & Network evolution

2. Networking & Security Devices
- IP, Port, DNS, CDN, Router, Switch, Load Balancer
- Firewall (Host & Perimeter), WAF, IDS, IPS, EDR

3. SIEM & SOAR – Complete Introduction
- What is SIEM (SIM + SEM)?
- Splunk SIEM Setup
- Distributed Splunk Architecture
- Data Onboarding (Windows, Linux, Syslog, AWS, ServiceNow)

4. Splunk SOAR
- Install SOAR in AWS EC2
- Integrate SIEM with SOAR
- End-to-end attack flow demo (Brute force scenario)

5. Splunk Admin vs SOC Analyst
- Real-world responsibilities explained
- Splunk MSSP Model
- How MSSP works
- How to build MSSP using Splunk

6. Splunk SIEM Implementation
- Install Splunk Enterprise on Linux instance with proper pre-installation checks
- Configure Indexer
- Configure Search Head
- Configure Heavy Forwarder

7. Data Onboarding into Splunk SIEM from
- Windows AD Server
- Windows AD Client
- Linux
- Syslog

8. Splunk SOAR Implementation
- Splunk SOAR Installation
- Splunk SIEM & SOAR Integration

9. Use case: Brute force attack - Env Setup
- Brute force attack - Introduction
- Create a Splunk alert in Splunk SIEM to identify brute force attack behaviour from Windows data
- Integrate the Splunk SOAR with Microsoft AD Server
- Create a Playbook in Splunk SOAR

10. Use case: Brute force attack - Attack Simulation
- Integrate Splunk SIEM Alert & Splunk SOAR Playbook
- Perform the attack simulation
- Discuss what's next