1 Lab: Leveraging Internal Intelligence Resources

lewcan13
homwklabsample.docx

Lab 6

Log Correlation  

Brief Summary of Lab:

In this lab I was reviewing computer logs to establish the perpetrator of a security breach. Having collected the necessary log files, I was able to review them both manually and with Splunk, which automated the analysis and search process. The whole process entailed loading the log files into Splunk and then analyzing the information recorded for various events. The aim was to determine who the culprit of the security breach was.

Analysis Process

Splunk Upload Data

Loading File into Splunk

Splunk Data Review

File Uploaded Successfully

Physical Security Logs

Data Review

File Uploaded Successfully

Searching Aggregated Logs

Reverse search

User Account Created Expansion

3. Specific Practices or Resources:

Having acquired the necessary file, I had to review the various events that had taken place. The first step was to identify a critical event; in this case it was the creation of an account with administrator privileges. Having established that the event occurred at around 9:57, the next step was to determine who was logged on around that time.

The main tool used was Splunk Enterprise. With it I was able to search for various security events and ultimately determine our culprit to be Drew Patrick.
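The correlation described above (find the privileged account creation, fix its time, then work out who was logged on to that host and physically on site at that moment) can also be done outside Splunk. The following is an added example and not part of the lab; the security and badge logs are constructed sample data in a simplified key=value format, and the host names, user names and the svc_backup account are assumptions. EventIDs 4624/4634 (logon/logoff), 4720 (user account created) and 4732 (member added to a local group) are real Windows Security event IDs.

```python
from datetime import datetime, timedelta

# Constructed sample logs (not the lab's real data). Field names are a simplified
# key=value rendering of the Windows Security log and a door-badge system.
SECURITY_LOG = """\
2024-03-12 08:45:10 EventID=4624 User=alice Host=WS01
2024-03-12 09:02:33 EventID=4624 User=bob Host=WS02
2024-03-12 09:30:05 EventID=4634 User=alice Host=WS01
2024-03-12 09:40:12 EventID=4624 User=carol Host=WS03
2024-03-12 09:57:21 EventID=4720 Host=WS02 TargetUser=svc_backup
2024-03-12 09:57:40 EventID=4732 Host=WS02 TargetUser=svc_backup Group=Administrators
2024-03-12 10:15:00 EventID=4634 User=bob Host=WS02
"""

BADGE_LOG = """\
2024-03-12 08:40:02 Badge=IN User=alice Door=Main
2024-03-12 08:58:47 Badge=IN User=bob Door=Main
2024-03-12 09:25:11 Badge=OUT User=alice Door=Main
2024-03-12 09:35:30 Badge=IN User=carol Door=Side
"""


def parse_log(text):
    """Parse 'YYYY-MM-DD HH:MM:SS key=value ...' lines into dicts with a 'ts' datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        ev = {"ts": datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")}
        for kv in parts[2:]:
            key, _, value = kv.partition("=")
            ev[key] = value
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def find_privileged_account_creation(events, window=timedelta(minutes=5)):
    """Return the 4720 event whose new account was added to Administrators within `window`."""
    for ev in events:
        if ev.get("EventID") != "4720":
            continue
        for later in events:
            if (later.get("EventID") == "4732"
                    and later.get("Group") == "Administrators"
                    and later.get("TargetUser") == ev.get("TargetUser")
                    and ev["ts"] <= later["ts"] <= ev["ts"] + window):
                return ev
    return None


def logged_on_at(events, when, host=None):
    """Users with a session open at `when`: a 4624 before it with no 4634 in between."""
    sessions = {}
    for ev in events:
        if ev["ts"] > when:
            break  # events are sorted, nothing later matters
        if ev.get("EventID") == "4624" and (host is None or ev.get("Host") == host):
            sessions[(ev["User"], ev["Host"])] = True
        elif ev.get("EventID") == "4634":
            sessions.pop((ev["User"], ev["Host"]), None)
    return {user for user, _ in sessions}


def badged_in_at(badge_events, when):
    """Users whose most recent badge swipe before `when` was an IN swipe."""
    state = {}
    for ev in badge_events:
        if ev["ts"] > when:
            break
        state[ev["User"]] = ev["Badge"]
    return {user for user, swipe in state.items() if swipe == "IN"}


def correlate(security_text, badge_text):
    """Narrow the suspect list to users logged on to the creating host AND on site."""
    sec = parse_log(security_text)
    badge = parse_log(badge_text)
    creation = find_privileged_account_creation(sec)
    if creation is None:
        return None
    on_host = logged_on_at(sec, creation["ts"], host=creation.get("Host"))
    on_site = badged_in_at(badge, creation["ts"])
    return {
        "created_at": creation["ts"],
        "new_account": creation.get("TargetUser"),
        "host": creation.get("Host"),
        "logged_on": on_host,
        "badged_in": on_site,
        "suspects": on_host & on_site,
    }


if __name__ == "__main__":
    print(correlate(SECURITY_LOG, BADGE_LOG))
```

With the constructed data the privileged creation is found at 09:57 on WS02, only bob has an open session on that host at that time, and bob is also badged in, so the suspect set collapses to one user. The physical-security log matters because a logon alone does not prove presence at the keyboard; the intersection of the two sources is what gives the conclusion weight.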