This is such a hidden gem. Straight to the point and easy-to-understand walkthrough. Your voice is also calming and clear. I like that you did not use any intermediate or advanced SPLs to make it look really easy. Oh and btw how were you able to set your Splunk instance to dark mode for the whole website?
@Micahs0day 2 years ago
Thank you for your kind words! I use a browser add-on called dark reader, it sets the entire browser to dark mode!
@SoftwareAnalayst 1 year ago
It still says that the room is private after creating an account. Please help.
@Micahs0day 1 year ago
Tbh, I'm not sure why. It might be worth joining their Discord and asking there. discord.com/invite/tryhackme
@omn5142 8 months ago
I wonder why they got rid of this room?
@kevingardocki 1 year ago
Do you by chance know why my index="botsv1" is not pulling up any results even with the event amount and ALL TIME search?
@Micahs0day 1 year ago
Sorry for the late response. Did you get it to work?
@kevingardocki 1 year ago
@Micahs0day All good, thank you for taking the time to reply! No, I couldn't get it to work. I'm not sure why my Splunk wasn't pulling it up! I'll just have to use some download logs.
@Micahs0day 1 year ago
@kevingardocki You can also check out BOTS on Splunk's website. bots.splunk.com/login?redirect=/
@wertyuna5 4 months ago
Great video! Do you like LetsDefend or THM more?
@JohnJLillie 1 year ago
Great information. Do you have a link or instructions on how to generate that data so I can import it into my Splunk? I looked but cannot see many fields in the THM options. Thanks
@Micahs0day 1 year ago
You can find the dataset here! github.com/splunk/botsv1
@zhouHuy 7 months ago
Thanks for your video. I'm new here, but TryHackMe prompted "the room is private, Only users with the room link can access this room". How should I access it? I have created an account, please...
@falloutthree370 1 year ago
Says the TryHackMe room is private...
@Micahs0day 1 year ago
It's a free room, you just have to create an account first.
@thearts7702 2 years ago
Great walkthrough like always... How do we get into this room? It says it's private.
@Micahs0day 2 years ago
You have to be logged in to your THM account.
@0day-Control 2 years ago
I wanted to learn SOC via Splunk as an L2. Can you please guide where to start and how?
@Micahs0day 1 year ago
Start with Splunk Fundamentals 1 & 2; you can search GitHub for the files. Also, Hailie Shaw has an excellent course on Udemy, "Splunk: Zero to Power User"; you can usually buy it for around $15.