Welcome to Mark's blog for Capture The Flag (CTF) enthusiasts

Friday, June 16, 2023

Splunk Crash Course Resources

Introduction
As someone who enjoys Blue Teaming, one of my favorite tools is Splunk. I was first seriously introduced to it during the WorldSkills Singapore Cybersecurity competition, and learnt many of its more advanced features while preparing myself for Nanyang Polytechnic's Splunk Challenge 2021.

Me (center), back in 2021.

Since then, I've used Splunk in several of my school assignments and projects, and I've enjoyed how easy it makes organizing, searching and visualizing data. In this post, I'm pleased to share several of my own guides and resources.

Note: These resources were released as part of my Splunk Crash Course, held on 15 June 2023 at Nanyang Polytechnic.


Thanks to everyone at NYP for helping make the event possible!

Resources:
1. Pre-built panel cheat sheet. While there are many great Splunk cheat sheets available online (like this one), most of them focus on individual commands and expressions rather than full search queries. Therefore, I compiled my own reference for complete Splunk visualization panels.

With a few modifications, you'll be able to quickly adapt the sample panels to different tasks and data types. It's great for open-book competitions - just copy, paste and edit for each task.

2. Crash Course slides. These slides were created for one of my workshops. They're helpful if you need a quick overview of what's possible with Splunk, and how you can use it with your own data.

3. Sample Corrupted Data. A set of corrupted and shuffled logs I created using the sample Splunk Buttercup Games data. A fun way to practice your data cleaning skills.

4. Splunk Demo - Housing in Singapore. A complete walkthrough of my data cleaning/dashboard building process using public data, created for a school assignment. You can check out these videos (1) (2) to see the interactive features in action.

5. Singapore Cyber Conquest selection challenge: A short activity to test your Splunk skills, with 7 levels of increasing difficulty. Answers are here, but don't peek before you've tried first! I made this to help NYP's School of IT identify talented students for the Singapore Cyber Conquest competition 2022.

6. CTF writeup using Splunk: Splunk is an excellent tool for collating, correlating, and investigating Windows Event log files (.evtx), especially across different machines in a network.

If you're working on any cool projects with Splunk, or have a useful resource to contribute, feel free to let me know here.

Happy Splunking!