Skip to content

JacYuan1/Windows-Events-to-Splunk-Project

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Written Report.pdf
Written Report.pdf
 
 

Repository files navigation

Windows Event to Splunk Project

Table of Contents

Introduction

The premise of this project is to create a custom windows event in which it will be forwarded to Splunk for further analysis. The final report will be linked in the References section.

Tools Used

The tools used here are the following:

  1. Splunk
  2. Splunk Universal Forwarder
  3. Oracle VM VirtualBox
  4. Windows 10 ISO

Approach to Problem

  1. Create a Windows event using PowerShell by using the EventLog functions.
  2. Forward to Splunk using the Splunk Universal Forwarder.
  3. Search the windows event in Splunk by using the EventID that was created in step #1.

Learning Outcomes

  1. Understood how Splunk Universal Forwarder works.
  2. Understood different types of searching mechanisms in Splunk such as using regular expression, strings, boolean conditions, by events, by patterns, etc.
  3. Understood how to manipulate fields such as adding and deleting selected fields and interesting fields.

Final Grade Received

100%

References

Written report linked here

About

Forwards windows events to Splunk.

Topics

splunk cybersecurity powershell-script splunk-enterprise soc-analyst

Resources

Readme

License

GPL-3.0 license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published