In this lab, we will analyze a log file using Splunk. We will look for suspicious
events and figure out exactly what happened.
Log files are difficult to read because they contain thousands of lines with many events
and a lot of metadata. Splunk can assist us in analyzing such a file using search filters.
Tools used:
a- Splunk Cloud
b- You need to analyze the file shared with you on BB (access.log).
Steps:
1- First you need to use Free Splunk Cloud via the link:
https://www.splunk.com/en_us/download/splunk-cloud/cloud-trial.html?utm_campaign=google_emea_tier3_en_search_brand&utm_source=google&utm_medium=cpc&utm_content=cloud_signup_product&utm_term=free%20splunk&_bk=free%20splunk&_bt=548280304713&_bm=p&_bn=g&_bg=121759865680&device=c&gclid=CjwKCAjw__ihBhADEiwAXEazJj80uqdVRcABT0MIvaBCX2k1EsqxomeLkFg841vgrtKwIJPooL50jRoCoXcQAvD_BwE
2- You need to register first, so fill in your details and make sure you enter your correct
email address, because you will receive the activation link by email.
3- Open your email to activate your account.
4- Then you will receive an email with your username and password:
10- Here Splunk displays the access log. What do you observe from Event 17 and
above?
11- Click Next
12- Click Next
13- Click Submit
14- Click on Start Searching.
15- Here we can filter our search based on specific fields. All the interesting fields are
shown on the left side.
16- Also, you can expand each field to see more details:
You will find that there is a brute force attack: the attacker is trying to
log in multiple times as Admin, but each attempt is answered with a 401 error code.
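The same pattern the Splunk search reveals (many 401 responses from one source IP on the admin login path, possibly followed by a 200) can be checked directly in an access log. The following is an added example written for this lab, not part of the original handout or of Splunk; the log lines, the `/admin` path hint and the threshold of 5 are constructed assumptions, and the lab's own access.log may record the username differently.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Apache/Nginx "combined" log format (not the lab's access.log).
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "POST /admin/login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/8.0"
198.51.100.2 - - [10/Oct/2023:13:56:05 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "curl/8.0"
"""

# Fields Splunk would extract from this sourcetype: client IP, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

def parse_access_log(text):
    """Yield one dict per parsable line: ip, time, method, path, status (int)."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            event = m.groupdict()
            event["status"] = int(event["status"])
            yield event

def find_bruteforce(events, path_hint="/admin", threshold=5):
    """Count 401 responses per source IP on the login path and flag IPs at or above
    the threshold; also note whether the same IP later got a 200 there (possible success)."""
    failures = Counter()
    success_after = defaultdict(bool)
    for e in events:  # events must be in log order for the "success after" check
        if path_hint in e["path"]:
            if e["status"] == 401:
                failures[e["ip"]] += 1
            elif e["status"] == 200 and failures[e["ip"]] > 0:
                success_after[e["ip"]] = True
    return {ip: {"failed_401": n, "success_after_failures": success_after[ip]}
            for ip, n in failures.items() if n >= threshold}

if __name__ == "__main__":
    for ip, info in find_bruteforce(parse_access_log(SAMPLE_ACCESS_LOG)).items():
        print(ip, info)
```

In Splunk the equivalent view of the same data, assuming the file is indexed with the access_combined sourcetype, is a search such as `status=401 | stats count by clientip`.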