Foundations Lab · On-demand

Basic SIEM Setup and Log Collection using Splunk

Solution overview

In this lab, you will follow along with Samantha, a SOC analyst in training, as she builds the foundation of a Security Information and Event Management (SIEM) solution using Splunk. The goal of this lab is to help Samantha (and you) set up Splunk to collect and analyze logs from multiple sources across the network.

You will begin by verifying that logs from both Ubuntu and Windows forwarders are being successfully ingested into Splunk. After ensuring proper log ingestion, you will move on to analyze key events such as successful and failed login attempts and system-level errors, which are critical for maintaining the security posture of the organization.

This lab simulates a real-world SOC environment where multiple machines generate logs, and Samantha leverages Splunk to monitor and analyze those logs. By the end of this lab, you will have a solid understanding of how to set up a basic SIEM environment, analyze system logs for key security events, and ensure that your SIEM system is ready to detect potential threats in real time.
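The two checks described above (confirming that both forwarders are reporting, then pulling out logon and error events) can be expressed as Splunk searches. These are added example searches, not part of the lab's own material; they assume the forwarders write to an index named `main`, that the Windows forwarder uses the classic `WinEventLog:Security` and `WinEventLog:System` sourcetypes, and that the Ubuntu forwarder ships `/var/log/auth.log` as sourcetype `linux_secure`.

```spl
/* 1. Ingestion check: every forwarder host should appear here with a recent last_seen.
      A host missing from this table (or with a stale timestamp) is not forwarding. */
index=main earliest=-15m
| stats count latest(_time) as last_seen by host, sourcetype
| convert ctime(last_seen)

/* 2. Windows logon activity: EventCode 4624 = successful logon, 4625 = failed logon.
      Field names below are the classic WinEventLog extractions (assumed). */
index=main sourcetype="WinEventLog:Security" EventCode IN (4624, 4625)
| eval outcome=if(EventCode=4624, "success", "failure")
| stats count by host, outcome, Account_Name, Logon_Type

/* 3. Ubuntu SSH failures from auth.log: extract the user and source address. */
index=main sourcetype=linux_secure "Failed password"
| rex "Failed password for (invalid user )?(?<user>\S+) from (?<src>\S+)"
| stats count by host, user, src
| sort - count

/* 4. System-level errors from the Windows System log, grouped by source. */
index=main sourcetype="WinEventLog:System" Type=Error
| stats count by host, SourceName
| sort - count
```

Run each search over a short time range first; once the expected hosts and event types show up, widen the window or save the failed-logon search as an alert.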

Lab diagram
