I designed a custom monitoring environment in Splunk to protect a fictional organization, VSI.
I played the role of a SOC analyst at a small company called Virtual Space Industries (VSI), which designs virtual-reality programs for businesses.
- VSI has heard rumors that a competitor, JobeCorp, may launch cyberattacks to disrupt VSI’s business.
- As an SOC analyst, you are tasked with using Splunk to monitor potential attacks on your systems and applications.
- The VSI products that you have been tasked with monitoring include:
  - An Apache web server, which hosts the administrative webpage.
  - A Windows operating system, which runs many of VSI’s back-end operations.
- Your networking team has provided you with past logs to help you develop baselines and create reports, alerts, dashboards, and more.
You’ve been provided the following logs on your machine:
- Windows Server Logs
  - This server contains intellectual property of VSI’s next-generation virtual-reality programs.
- Apache Server Logs
  - This server is used for VSI’s main public-facing website, vsi-company.com.
I developed a defensive solution using a variety of Splunk tools by:
- Creating a baseline of normal activity
- Designing custom alerts, reports, and dashboards
After experiencing a simulated attack, I analyzed the reports and dashboards to determine whether the defensive solutions protected VSI, and filled out a review and analysis form on my findings.
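The baseline-then-alert workflow described above can be illustrated outside Splunk. The script below is an added example, not part of the original project and not its Splunk searches: it parses Apache combined-format access-log lines, builds a per-hour request-volume baseline from three days of constructed "normal" history, and then runs two candidate alerts (volume spike, and a single client IP dominating an hour) over a simulated attack window. All log lines, addresses (RFC 5737 documentation ranges), paths and thresholds are constructed assumptions; in Splunk the same aggregation would come from a scheduled search with a 1-hour `timechart`.

```python
"""Baseline-and-alert logic for Apache access logs.

Added example, not the project's own Splunk searches. Every log line, address,
path and threshold below is constructed for illustration.
"""
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Apache combined log format; only the fields the checks need are captured.
APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = APACHE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], TS_FMT)
    ev["status"] = int(ev["status"])
    return ev


def build_baseline(history_lines):
    """Per hour-of-day (mean, stdev) of request volume across historical days.

    This is the 'baseline of normal activity' step: the same hourly count a
    Splunk timechart gives, reduced to a per-hour-of-day profile.
    """
    per_hour = Counter()
    for ev in filter(None, map(parse_line, history_lines)):
        per_hour[(ev["ts"].date(), ev["ts"].hour)] += 1
    samples = defaultdict(list)
    for (_day, hour), n in per_hour.items():
        samples[hour].append(n)
    return {h: (statistics.mean(v), statistics.pstdev(v) if len(v) > 1 else 0.0)
            for h, v in samples.items()}


def check_window(baseline, window_lines, k=3.0, min_sd=1.0, top_ip_share=0.5):
    """Return alerts for hours in the new window that deviate from the baseline.

    Two checks, each a candidate scheduled alert:
      * volume: count > mean + k * stdev (stdev floored at min_sd so a very
        flat baseline does not fire on a single extra request)
      * single_source: one client IP produced more than top_ip_share of the
        hour's requests (only evaluated once the hour has enough events)
    """
    events_by_hour = defaultdict(list)
    for ev in filter(None, map(parse_line, window_lines)):
        events_by_hour[(ev["ts"].date(), ev["ts"].hour)].append(ev)
    alerts = []
    for (day, hour), evs in sorted(events_by_hour.items()):
        mean, sd = baseline.get(hour, (0.0, 0.0))
        threshold = mean + k * max(sd, min_sd)
        if len(evs) > threshold:
            alerts.append({"kind": "volume", "day": str(day), "hour": hour,
                           "count": len(evs), "threshold": threshold})
        if len(evs) >= 20:
            ip, n = Counter(ev["ip"] for ev in evs).most_common(1)[0]
            if n / len(evs) > top_ip_share:
                alerts.append({"kind": "single_source", "day": str(day), "hour": hour,
                               "ip": ip, "share": round(n / len(evs), 2)})
    return alerts


def make_lines(day, hour, n, ip="192.0.2.10", status=200, path="/"):
    """Constructed combined-format lines for one hour (documentation addresses, not real traffic)."""
    return [f'{ip} - - [{day:02d}/Mar/2024:{hour:02d}:{i % 60:02d}:00 +0000] '
            f'"GET {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'
            for i in range(n)]


def normal_volume(hour, day):
    """Deterministic 'normal' profile: quiet overnight, busier in office hours."""
    return (20 if 8 <= hour < 18 else 5) + day  # small day-to-day drift


# Three days of constructed history stand in for the past logs used to baseline.
HISTORY = [line for day in (1, 2, 3) for hour in range(24)
           for line in make_lines(day, hour, normal_volume(hour, day))]

# Simulated attack window: hour 03 looks normal; hour 10 has one client
# hammering the admin page with failed (401) requests on top of normal traffic.
ATTACK_WINDOW = (make_lines(4, 3, 6)
                 + make_lines(4, 10, 22)
                 + make_lines(4, 10, 200, ip="203.0.113.5", status=401, path="/admin"))

BASELINE = build_baseline(HISTORY)
ALERTS = check_window(BASELINE, ATTACK_WINDOW)

if __name__ == "__main__":
    for alert in ALERTS:
        print(alert)
```

Running it prints two alerts for hour 10 of the attack day (a volume alert, 222 requests against a threshold of 25, and a single-source alert for the one address at 90% of traffic) and nothing for the normal-looking hour 03. The `min_sd` floor and the minimum event count for the single-source check are the kind of tuning a dashboard review reveals: without them a flat baseline or a quiet hour served by one NAT address would fire false positives.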