
Task 1 – Splunk Installation

2.1 Install the SPLUNK Enterprise software package onto your computer/virtual machine. This is a data recognition software tool in a Windows environment on your PC (or virtual machine).

  1. Open SPLUNK in your default web browser and log in to the SPLUNK web interface. Provide screenshots of the login process in your portfolio.
  2. Create a user with the Power role and add a screenshot. Ensure your name is in the screenshot and add it to your portfolio.
  3. Carry out research to identify and briefly describe three (3) software tools that can be used to identify data patterns.

Screenshots: SPLUNK Installation

Task 2 – Splunk Ingesting Data

2.2 You have been asked by your manager to ingest all files into your SPLUNK Enterprise data analysis tool for searching. The data source that you will use covers 30 days. The steps that you should perform in this task are as follows:

  1. Download the data from http://splk.it/f1data, and then ingest the data into SPLUNK Enterprise.
  2. Log on to SPLUNK Enterprise as a Power user.
  3. Perform a basic search in the linux_s_30Day.log file from the ingested files. Search and analyse the logs and alerts that occurred in the last year to recognise the pattern of network data and log frequencies.
  4. Write a paragraph of at least 50 words about your analysis.
  5. Provide screenshots to your portfolio.
  6. Outline at least two (2) strategies to process data into subtasks. Explain the advantages of the strategies.
  7. Create two subtasks and perform a search in one of the subtasks.
  8. Explain what a data anomaly is and how it is detected.
  9. Analyse the collected data and identify any discrepancies or anomalies in it.
  10. Provide screenshots to your portfolio.

Screenshots: SPLUNK Ingesting Data

Task 3 – Ingest Windows data into SPLUNK Enterprise

2.3 Use the SPLUNK Enterprise data recognition and analysis software to configure local Windows host monitoring. Configure this instance to capture information about the Network Adapter of your Windows system every 20 seconds. Then go to App: Search and Reporting and select the created hostname from Data Summary. This information can help you recognise the data patterns in your Windows logs or events. Provide a screenshot of the output graph in your portfolio.
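As an added illustration (not part of the assignment brief), the same Windows host monitoring input expressed as the inputs.conf stanza that Splunk Web writes when you add it through the UI. The file path, the index name and the use of the WinHostMon input type are assumptions; the 20-second interval and the NetworkAdapter type are the values the task asks for.

```ini
# Added example: Windows host monitoring input for the Network Adapter, sampled
# every 20 seconds. Assumed location on the Windows host running Splunk Enterprise:
#   %SPLUNK_HOME%\etc\apps\search\local\inputs.conf
# "NetworkAdapter" is one of the WinHostMon object types; interval is in seconds.
[WinHostMon://NetworkAdapter]
type = NetworkAdapter
interval = 20
index = main
disabled = 0
```

After a Splunk restart the samples arrive with the host name of the Windows machine, so in Search & Reporting a search such as `index=main sourcetype=WinHostMon | timechart count` (sourcetype name assumed) produces the 20-second event-frequency graph the task asks you to screenshot.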

Screenshots: Ingest Windows data into SPLUNK Enterprise

Task 4 – Splunk Creating a Report

2.4 Save the analysed data output of Task 3 as a report and export it into PDF format. The report and the PDF file should be named as

Task 5 – Splunk for Security Operations Centre

2.5 Research and briefly explain the responsibilities of IT professionals in a Security Operations Centre (SOC). In addition, you need to explain how SPLUNK can be used in a SOC to monitor network security traffic and devices.

In your answer, discuss the sources that SPLUNK uses to obtain data (e.g. include reference to firewalls, Intrusion Detection Systems (IDS), Access Control Systems, and Security Information and Event Management (SIEM) systems), and the type of data that each source can provide.

2.6 Assume that you have created a SQL database, added several tables, and populated the tables (inserted data into the tables). You have run a few SQL queries, and everything appears to be working correctly. However, on the last query, no data has been returned, and the error message says that some files may be corrupted. The message does not specify which files. What process would you follow to attempt to fix the problem?

2.7 Run an SQLi attack on a database to perform unauthorised data access and provide screenshots demonstrating the detected attack.

Open the SQL injection lab in VU23216 AT2, answer the questions and provide screenshots. Screenshots: THM SQL Injection Lab


  1. Use Wireshark via your Kali Linux VM to analyse the captured network traffic in TCP_Example.cap. To download this file, use the Activity 3 2.3 dropdown section and select Download Task Files. (Activity belongs to VU23216.)

Hint: the file has been downloaded and is provided herewith (file name: Tcp_Example.cap).

Answer the following questions about the TCP_Example.cap file:

Answer the questions below

What TCP port is the client using in the HTTP conversation?

Answer format: ****


Based on the contents of the HTTP conversation, what operating system is on the client?


Answer format: ****


Based on the contents of the HTTP conversation, what web browsing software is being used?


Answer format: ****


Is it the client or the server that initiates the closing of the TCP connection in the HTTP conversation?