Splunk uses the _______ feature to display specific values from search results in an easy-to-read spreadsheet.
Splunk uses the Statistics feature to display specific values from search results in an easy-to-read spreadsheet.
The eval command is used to _________.
The eval command is used to design new fields or modify existing fields.
Designing poor alerts can cause two types of issues: ______ and ________.
Designing poor alerts can cause two types of issues: false positives and false negatives.
- False positives occur when conditions are met and an alert is triggered, but the security situation being monitored did not actually occur.
- False negatives occur when the condition is met and an alert is not triggered, meaning the security situation occurred undetected.
_______ is a method of looking at historical data to determine how much activity is considered “normal.”
Security professionals use baselining to determine a _______.
A _______ is the condition or level that, when met, triggers an alert.
Baselining is a method of looking at historical data to determine how much activity is considered “normal.”
Security professionals use baselining to determine a threshold.
A threshold is the condition or level that, when met, triggers an alert.
________ are similar to the RPM dial found in the dashboard of a car.
**Radial gauges** are similar to the RPM dial found in the dashboard of a car.
Splunk can create location-specific reports with the ______ and ______ commands.
Splunk can create location-specific reports with the iplocation and geostats commands.
_______ are a collection of multiple visualizations in a single location.
The visualizations are placed in different sections, called ______.
**Dashboards** are a collection of multiple visualizations in a single location.
The visualizations are placed in different sections, called **panels**.
Panels can contain: (4)
Panels can contain:
- Single value visualizations
- Multiple value visualizations
- Geographic maps
- Statistical charts
-
1.1_ Cybersecurity Mindset18
-
1.2_ Surveying Cyberspace20
-
1.3_ Certifications and Security+33
-
2.1_The Security Organization - GRC31
-
2.2_ Risk Management and Threat Modeling37
-
2.3 Governance, Risk, and Compliance III23
-
3.1 How Sweet is Terminal23
-
3.2 Commanding the Command Line26
-
3.3 Sticking to the Script15
-
4.1 Introduction to Linux17
-
4.2 Access Controls15
-
4.3 Special Permissions and Managing Services21
-
5.1 Backups and tar13
-
5.2 Cron and Scheduled Jobs20
-
5.3 Monitoring Log Files23
-
6.1 Combining Commands28
-
6.2 Ifs and Lists18
-
7.1 Introduction to Windows33
-
7.2 Powershell Scripting13
-
7.3 Active Directory Domain Services4
-
8.1 Introduction to Networking53
-
8.2 Ports, Protocols, and the OSI Mode43
-
8.3 Following Data Through Layers 2, 3, and 445
-
9.1 IP and Protocols33
-
9.2 Email Networks and Security28
-
Networking Review37
-
Networking Review II19
-
10.1 Intro to Cryptography33
-
10.2 Asymmetric Encryption and Hashing16
-
10.3 Applied Cryptography and Attacks22
-
11.1 Introduction to Firewalls and Network Security41
-
11.2 Intrusion Detection, Snort, and Network Security Monitoring59
-
11.3 Enterprise Security Management9
-
12.1 Intro to Cloud Computing14
-
12.2 Cloud System Management32
-
12.3 Load Balancing and Redundancy10
-
13_ Project Week ELK Stack7
-
14.1 HTTP with Session and Cookies56
-
14.2 Microservices and Container Security33
-
15.1 Introduction to Web Vulnerabilities and Hardening68
-
15.2 Exploitation and Mitigation33
-
15.3 Broken Authentication and Session Management18
-
16.1 Introduction to Pen Testing and Open Source Intelligence22
-
16.2 Student Guide: Network Discovery and Vulnerability29
-
16.3 Exploiting Vulnerabilities39
-
Nmap and Scanning Review Quiz29
-
17.1 Introduction to Metasploit18
-
17.2 Post-Exploitation with Meterpreter24
-
17.3 Custom Payloads with msfvenom10
-
18.1 Introduction to SIEM15
-
18.2 Splunk Searches5
-
18.3 Splunk Reports and Alerts7
-
19.1 Splunk Dashboards and Visualizations8
-
19.2 Splunk Enterprise Security3
-
21.1 Introduction to Digital Forensics9
