The premise of this project is to create a custom Windows event that is forwarded to Splunk for further analysis. The final report will be linked in the References section.
The tools used here are the following:
- Splunk
- Splunk Universal Forwarder
- Oracle VM VirtualBox
- Windows 10 ISO
- Create a Windows event using PowerShell by using the EventLog functions.
- Forward to Splunk using the Splunk Universal Forwarder.
- Search for the Windows event in Splunk by using the EventID that was created in step #1.
- Understood how Splunk Universal Forwarder works.
- Understood different types of search mechanisms in Splunk, such as using regular expressions, strings, boolean conditions, by events, by patterns, etc.
- Understood how to manipulate fields such as adding and deleting selected fields and interesting fields.
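The three steps above, worked through end to end as an added example (not the project's own script): it assumes Windows PowerShell 5.1 run as Administrator, a Splunk Universal Forwarder already installed, and the constructed source name `SplunkLabSource`, EventID `9999` and index `main`.

```powershell
# Added example, not code from the project. Assumes Windows PowerShell 5.1 run as
# Administrator (New-EventLog needs admin rights to register a source) and the
# constructed values below.
$LogName = 'Application'
$Source  = 'SplunkLabSource'   # constructed source name
$EventId = 9999                # constructed EventID; pick one not used by other sources

# Step 1a: register the custom event source once. Write-EventLog fails for an
# unregistered source, so check first instead of ignoring the error.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName $LogName -Source $Source
}

# Step 1b: write the event. EntryType and Message are what you will search on later.
Write-EventLog -LogName $LogName -Source $Source -EventId $EventId `
    -EntryType Information `
    -Message ("Custom lab event written at {0:o} by {1}" -f (Get-Date), $env:USERNAME)

# Verify it landed locally before looking in Splunk: if nothing comes back, the
# problem is on the Windows side, not in the forwarder.
$local = Get-WinEvent -ErrorAction SilentlyContinue -MaxEvents 1 `
    -FilterHashtable @{ LogName = $LogName; ProviderName = $Source; Id = $EventId }
if (-not $local) { throw "Event $EventId from $Source was not written to $LogName" }
$local | Format-List TimeCreated, Id, ProviderName, Message

# Step 2: forwarder side. The Universal Forwarder collects the Application log when
# its inputs.conf (for example %SPLUNK_HOME%\etc\system\local\inputs.conf) contains:
#
#     [WinEventLog://Application]
#     disabled = 0
#
# then restart the forwarder service so the stanza takes effect:
# Restart-Service -Name SplunkForwarder

# Step 3: search in Splunk for the EventID chosen in step 1. EventCode is the field
# Splunk assigns to the Windows Event ID; the index name is an assumption.
#
#     index=main sourcetype="WinEventLog:Application" SourceName="SplunkLabSource" EventCode=9999
```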