If you know that a security violation originated from a specific machine within the last 60 days, how would you determine who has logged on to that machine? All of the necessary data is sitting in the registry and log files of a Windows system, but you still need to sift through it all. What if your company experiences a malware outbreak and you need to determine whether a certain computer has been infected? You'd likely have to perform a manual registry search. Such tasks can be tedious and time-consuming, but by using Splunk's security features, IT pros can search through the necessary data more efficiently.
In this SearchSecurity.com screencast, Keith Barker, CISSP and trainer for CBT Nuggets, provides a Splunk tutorial that shows how to use Splunk for security. Keith analyzes the features available in the free version of Splunk, including a powerful set of predefined searches that can be tweaked to achieve specific results. There are also plenty of apps that provide predefined searches for specific platforms, including Windows, Linux and Cisco firewalls. All of these powerful features are presented in an easy-to-use Web browser layout, so any user who can navigate a browser will instantly be familiar with Splunk's design. With this Splunk tutorial, IT pros can learn how to sort through avalanches of data quickly and easily, eliminating some of their most monotonous tasks in the process.
About CBT Nuggets
CBT Nuggets is a computer-based technology company specializing in cutting-edge online IT training. Founded in 1999 by current CEO Dan Charbonneau, CBT Nuggets provides quick, easy and affordable learning by renowned instructors for individuals, small teams and large organizations. CBT Nuggets also offers a wealth of free videos on a variety of IT topics on the CBT Nuggets YouTube video channel.
About Keith Barker
Keith Barker, CISSP, a trainer for CBT Nuggets, has more than 27 years of IT experience. He is a double CCIE and has been named a Cisco Designated VIP. Keith is also the author of numerous Cisco Press books and articles.