Basic SIEM Setup and Log Collection using Splunk
In this module, Samantha, a junior SOC analyst, works through the foundational steps of setting up a SIEM with Splunk. Guided by a senior SOC analyst, she installs and configures log forwarders on an Ubuntu host and a Windows host so that their logs stream into the Splunk server in near real time. She then generates and simulates login activity, which lets her analyse the logs that matter most at this stage: successful and failed login attempts on both platforms. By the end of the module she has a working SIEM setup with visibility into system logs, the baseline needed to detect and respond to potential security incidents.
Foundations Lab · Fundamentals · 343 launches
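The analysis step the module describes, turning forwarded Ubuntu sshd lines and Windows logon events into "brute force" and "success after repeated failures" findings, is shown below as an added example; it is not code from the module or from Splunk. The log lines are constructed for the example, the Windows events are assumed to arrive flattened as key=value text, and the function names are the author's own. It also goes a little beyond the module by correlating the two hosts' events by source address rather than looking at each host alone.

```python
import re
from collections import Counter, defaultdict

# Constructed sample data for this example; not captured from a real system.
# Lines 1-5: sshd entries as written to /var/log/auth.log on Ubuntu.
# Lines 6-9: Windows Security events (4624 = successful logon, 4625 = failed
# logon) flattened to key=value form, as assumed for this example.
SAMPLE_LOGS = """\
Jan 14 09:12:01 ubuntu-web sshd[2214]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jan 14 09:12:04 ubuntu-web sshd[2214]: Failed password for root from 203.0.113.7 port 51025 ssh2
Jan 14 09:12:09 ubuntu-web sshd[2218]: Failed password for deploy from 203.0.113.7 port 51031 ssh2
Jan 14 09:12:20 ubuntu-web sshd[2230]: Accepted password for deploy from 203.0.113.7 port 51040 ssh2
Jan 14 09:13:00 ubuntu-web sshd[2241]: Accepted publickey for samantha from 198.51.100.4 port 40112 ssh2
EventCode=4625 host=WIN-DC01 TargetUserName=samantha IpAddress=203.0.113.7 LogonType=3
EventCode=4625 host=WIN-DC01 TargetUserName=administrator IpAddress=203.0.113.7 LogonType=3
EventCode=4624 host=WIN-DC01 TargetUserName=samantha IpAddress=198.51.100.4 LogonType=10
EventCode=4624 host=WIN-DC01 TargetUserName=SYSTEM IpAddress=- LogonType=5
"""

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+)"
)
WINEVT_RE = re.compile(
    r"^EventCode=(?P<code>4624|4625) host=(?P<host>\S+) TargetUserName=(?P<user>\S+) "
    r"IpAddress=(?P<ip>\S+) LogonType=(?P<logon_type>\d+)"
)


def parse_line(line):
    """Normalise one raw line into a common event dict; None if it is not a logon event."""
    m = SSHD_RE.match(line)
    if m:
        return {
            "source": "sshd",
            "host": m["host"],
            "user": m["user"],
            "src_ip": m["ip"],
            "outcome": "success" if m["outcome"] == "Accepted" else "failure",
        }
    m = WINEVT_RE.match(line)
    if m:
        return {
            "source": "windows",
            "host": m["host"],
            "user": m["user"],
            "src_ip": m["ip"],
            "outcome": "success" if m["code"] == "4624" else "failure",
            # LogonType 3 = network, 10 = RemoteInteractive (RDP), 5 = service
            "logon_type": int(m["logon_type"]),
        }
    return None


def parse_logs(text):
    """Parse every line, discarding anything that is not a logon event."""
    events = [parse_line(line) for line in text.splitlines()]
    return [e for e in events if e is not None]


def failures_by_source(events, threshold=3):
    """Return {src_ip: failure_count} for sources with at least `threshold` failed logons."""
    counts = Counter(e["src_ip"] for e in events if e["outcome"] == "failure")
    return {ip: n for ip, n in counts.items() if n >= threshold}


def successes_after_failures(events, threshold=3):
    """Flag a successful logon from a source that already failed `threshold`+ times.

    Events are assumed to be in ingestion (time) order, across both hosts.
    """
    failed = defaultdict(int)
    alerts = []
    for e in events:
        if e["src_ip"] == "-":  # local or service logons carry no remote address
            continue
        if e["outcome"] == "failure":
            failed[e["src_ip"]] += 1
        elif failed[e["src_ip"]] >= threshold:
            alerts.append({
                "src_ip": e["src_ip"],
                "user": e["user"],
                "host": e["host"],
                "prior_failures": failed[e["src_ip"]],
            })
    return alerts


if __name__ == "__main__":
    evts = parse_logs(SAMPLE_LOGS)
    print("noisy sources:", failures_by_source(evts))
    for a in successes_after_failures(evts):
        print("ALERT success after failures:", a)
```

The first check is what a `stats count by src_ip` over failed-logon events gives you in Splunk; the second is the one worth an alert, because a success that follows a run of failures from the same address is the pattern of a guessed or sprayed credential, and it only shows up if both the failed and the successful events are being ingested.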
Cribl Foundation Lab
Cribl Stream is an observability pipeline that sits between any data source and any destination. Destinations can be systems of analysis (Splunk, Elastic, etc.) or systems of retention (S3 buckets, data lakes, etc.). Stream is built from Sources, Destinations, Routes and Pipelines: data arrives from a Source, a Route selects which Pipeline (an ordered group of functions) processes it, and the result is sent to one or many Destinations in whatever format best suits the environment and its use cases.
Advanced Configuration Lab · Introductory · 300 launches
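To make the Source, Route, Pipeline and Destination flow concrete, here is an added example that models that flow in plain Python. It is not Cribl code and does not use Cribl's configuration format; the events, route filters, pipeline functions and destination classes are all invented for the example. The security point it carries is that secrets should be redacted inside the pipeline, so that both the analysis system and the retention system receive the masked copy.

```python
import json
import re

# Constructed sample events for this example (not captured from a real source).
# Each mimics what a Source hands to the pipeline: the raw line plus metadata.
SAMPLE_EVENTS = [
    {"host": "ubuntu-web", "sourcetype": "linux_secure",
     "_raw": "Jan 14 09:12:04 ubuntu-web sshd[2214]: Failed password for root from 203.0.113.7 port 51025 ssh2"},
    {"host": "ubuntu-web", "sourcetype": "linux_secure",
     "_raw": "Jan 14 09:12:20 ubuntu-web sshd[2230]: Accepted password for deploy from 203.0.113.7 port 51040 ssh2"},
    {"host": "ubuntu-web", "sourcetype": "nginx_access",
     "_raw": "203.0.113.9 - - GET /healthz HTTP/1.1 200"},
    {"host": "app01", "sourcetype": "app",
     "_raw": "POST /login user=alice password=hunter2 status=401"},
]

# --- Pipeline functions: each takes an event and returns it (possibly changed), or None to drop it.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+)"
)


def mask_secrets(event):
    """Redact password values before the event leaves the pipeline."""
    event["_raw"] = re.sub(r"(password=)\S+", r"\1***", event["_raw"])
    return event


def extract_auth_fields(event):
    """Add structured fields for sshd logon lines; other events pass through untouched."""
    m = SSHD_RE.search(event["_raw"])
    if m:
        event["action"] = "failure" if m["outcome"] == "Failed" else "success"
        event["user"] = m["user"]
        event["src_ip"] = m["src_ip"]
    return event


def drop_healthchecks(event):
    return None if "/healthz" in event["_raw"] else event


def set_index(name):
    def fn(event):
        event["index"] = name
        return event
    return fn


# --- Destinations: an analysis system gets structured JSON, a retention system gets raw text.
class JsonDestination:          # stands in for Splunk / Elastic
    def __init__(self):
        self.records = []

    def send(self, event):
        self.records.append(json.dumps(event, sort_keys=True))


class RawDestination:           # stands in for an S3 bucket / data lake
    def __init__(self):
        self.records = []

    def send(self, event):
        self.records.append(event["_raw"])


# --- Routes: evaluated in order; a matching route marked final stops further matching.
def build_routes(siem, archive):
    return [
        {"name": "auth",
         "filter": lambda e: e["sourcetype"] == "linux_secure" or "/login" in e["_raw"],
         "pipeline": [mask_secrets, extract_auth_fields, set_index("security")],
         "destinations": [siem, archive], "final": True},
        {"name": "web",
         "filter": lambda e: e["sourcetype"] == "nginx_access",
         "pipeline": [drop_healthchecks],
         "destinations": [archive], "final": True},
        {"name": "default",
         "filter": lambda e: True,
         "pipeline": [],
         "destinations": [archive], "final": True},
    ]


def run_pipeline(event, functions):
    for fn in functions:
        event = fn(event)
        if event is None:
            return None
    return event


def run_stream(events, routes):
    """Push each event through the first matching route; return delivered-event counts per route."""
    delivered = {r["name"]: 0 for r in routes}
    for src_event in events:
        for route in routes:
            if not route["filter"](src_event):
                continue
            event = run_pipeline(dict(src_event), route["pipeline"])  # copy: routes must not share state
            if event is not None:
                for dest in route["destinations"]:
                    dest.send(event)
                delivered[route["name"]] += 1
            if route["final"]:
                break
    return delivered


if __name__ == "__main__":
    siem, archive = JsonDestination(), RawDestination()
    print(run_stream(SAMPLE_EVENTS, build_routes(siem, archive)))
    print(siem.records[0])
    print(archive.records[-1])
```

Route order matters: the catch-all route is last so that nothing silently bypasses the masking applied by the auth route, and the health-check drop happens before the event reaches any destination, which is where the cost saving of a pipeline like this comes from.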