Splunk SOC Investigation: Multi-Stage Attack Walkthrough
Investigate a sophisticated multi-stage attack against HarborLine's infrastructure using Splunk. Analyze 6,665 events to reconstruct the complete attack timeline from initial reconnaissance through privilege escalation and data exfiltration. Build detection rules and map findings to MITRE ATT&CK.
By CyberTask · Easy level
33 Tasks · 1 Section · 460 Points · 1 hr Duration
What You'll Learn
- Analyze attack scope and timeline boundaries
- Identify reconnaissance and enumeration activities
- Trace credential compromise and authentication events
- Investigate privilege escalation and lateral movement
- Detect data exfiltration and persistence mechanisms
- Create detection rules for attack patterns
Prerequisites
- Basic Splunk search syntax knowledge
- Understanding of HTTP status codes
- Familiarity with SSH authentication methods
- Basic Linux file system structure
- Knowledge of common attack techniques
Tools & Technologies
- Splunk
- nmap
- ffuf
- Hydra