1) Build a dashboard panel to monitor firewall logs: outbound connections to public IPs over ports other than 80 and 443.
Table view of outbound connections over ports other than 80 and 443 to public IPs.
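A search that produces this panel, added here as a worked example rather than the course's own query. It assumes the same index and field names the geostats task at the end of this page uses (index=network, dest_ip) plus src_ip and dest_port, which are assumptions about the firewall sourcetype. Besides the three RFC 1918 ranges it also drops loopback, link-local and CGNAT space, which are not public either and for which iplocation returns no country.

```spl
index=network dest_ip!="10.0.0.0/8" dest_ip!="172.16.0.0/12" dest_ip!="192.168.0.0/16"
    dest_ip!="127.0.0.0/8" dest_ip!="169.254.0.0/16" dest_ip!="100.64.0.0/10"
    dest_port!=80 dest_port!=443
| iplocation dest_ip
| stats count AS connections dc(src_ip) AS internal_hosts values(dest_port) AS dest_ports
    BY dest_ip Country
| sort - connections
```

Set the panel visualization to a statistics table. Aggregating per destination keeps the table readable and surfaces one external host being contacted by many internal ones; replace the stats line with `| table _time src_ip dest_ip dest_port` if raw connection rows are wanted instead.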
2) Add a pie chart to your dashboard showing uploads to the webserver by country (derived from the clients' public IPs).
Stats table with a count of all uploads to the webserver for each country.
Added to dashboard
SOC Experts
Cybersecurity Career Launcher
Similar to the webserver panel above.
Added to dashboard
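The search behind the pie chart, as an added example (not the course's own query). It treats POST and PUT requests as uploads, which is an assumption about how uploads appear in this webserver log; index=webserver and clientip are the names the page's own 404 search uses, and method is the standard access-log field. Requests from private or unresolvable addresses get no Country from iplocation, so they are labelled rather than silently dropped.

```spl
index=webserver (method=POST OR method=PUT)
| iplocation clientip
| fillnull value="Unknown" Country
| stats count AS uploads BY Country
| sort - uploads
```

Set the visualization to a pie chart; the first column (Country) becomes the slice label and the second (uploads) the slice size.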
3) Create a panel for webserver requests returning status code 404 (show the IP, URI and User Agent).
index=webserver status=404 | iplocation clientip | table clientip City Country uri useragent status
Added to dashboard
4) Create a bar chart showing the various status codes returned in our webserver logs.
Statistical view with a count for each status code, including events with no status code.
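The search for this panel, added as an example rather than taken from the course. The eval is what makes the "No Status Code" bucket appear: a plain stats would drop events where status is missing, and the isnull/empty-string check also catches a status that was extracted as an empty value, which fillnull alone would not replace.

```spl
index=webserver
| eval status=if(isnull(status) OR trim(status)="", "No Status Code", status)
| stats count BY status
| sort - count
```

Set the visualization to a bar chart. A sudden rise in the "No Status Code" bar usually means a parsing problem with the webserver sourcetype rather than a change in traffic, so it is worth keeping on the dashboard.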
Added to Dashboard
Entire Dashboard:
1) Create a dashboard panel to check failed logon attempts by user. Use an input field to select the account name.
Shows a table of failed logins with Time, Account Domain, Account Name, Logon Type and Source IP.
Added to the dashboard with a search that includes the token accountname (default value = *).
Now adding a dynamic dropdown for Source Network Address: token = srcip.
Search Query:
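A panel search using both tokens, added as an example (not the course's own query). It assumes Windows Security events indexed as index=wineventlog with the Splunk Add-on for Windows field names (EventCode, Account_Name, Account_Domain, Logon_Type, Source_Network_Address). Event 4625 carries Account_Name twice (the Subject account and the account the logon failed for), so Splunk extracts it as a multivalue field; the mvindex call keeps only the last value, the target account, which is the one the panel is about.

```spl
index=wineventlog sourcetype="WinEventLog:Security" EventCode=4625
    Account_Name="$accountname$" Source_Network_Address="$srcip$"
| eval Account_Name=mvindex(Account_Name, -1), Account_Domain=mvindex(Account_Domain, -1)
| table _time Account_Domain Account_Name Logon_Type Source_Network_Address
| sort - _time
```

For the dropdown, give the input the token name srcip, add a static choice "All" with value `*` and make it the default, and populate it dynamically with `index=wineventlog sourcetype="WinEventLog:Security" EventCode=4625 Source_Network_Address!="-" | stats count by Source_Network_Address | sort - count`, using Source_Network_Address as both the label and value field. The accountname text input keeps its default of `*` so the panel shows all accounts until one is typed.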
2) Create a dashboard panel to monitor DNS requests (select the fields of interest and filter out junk data).
Shows only A-record requests (record type 1, i.e. IPv4 address lookups) in a table of Date, Source and URL.
When added to the dashboard: token for the search = url (default value = *).
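A search for the DNS panel, added as an example and not the course's own. The index name dns and the field names record_type, query, src_ip and answer are assumptions about the DNS sourcetype; if the log carries the numeric query type instead, replace record_type=A with qtype=1. The extra terms drop the usual junk: empty queries, reverse-lookup names and mDNS/.local names that never resolve externally. The token is wrapped in wildcards so typing a domain also matches its subdomains.

```spl
index=dns record_type=A query="*$url$*"
    query!="-" query!="*.in-addr.arpa" query!="*.local" query!="*.localdomain"
| table _time src_ip query answer
| sort - _time
```

With the url token's default of `*` the filter becomes `query="***"`, which matches every A-record query, so the panel is populated before any value is entered.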
3) Write a search query to identify threat information in the firewall threat logs (select the appropriate fields).
Added to the dashboard with a search showing Source IP, Source Port, Destination IP and Destination Port.
4) Use the geostats command and add a panel to your dashboard (you can use any log).
Network/firewall logs for outbound connections to public IPs, with a count for each city on a geo map:
index=network dest_ip!="10.0.0.0/8" AND dest_ip!="172.16.0.0/12" AND dest_ip!="192.168.0.0/16" | iplocation dest_ip | geostats count by City
The three exclusions drop RFC 1918 destinations, for which iplocation returns no coordinates (such events would otherwise simply vanish from the map). iplocation adds the lat and lon fields that geostats reads by default, so no latfield/longfield options are needed.