Purpose of this lab:
- Understand how to deploy and configure Splunk Universal Forwarders for log ingestion.
- Analyze and visualize Windows Security Event Logs (e.g., Event ID 4625) for monitoring failed login attempts.
- Simulate a brute-force attack using a Kali Linux machine to observe how Splunk detects and processes security-related events.
- Develop skills in crafting Splunk Processing Language (SPL) queries to extract actionable insights from logs.
- Build foundational knowledge for potential SOC (Security Operations Center) roles, including threat detection and analysis.
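An added example SPL search (not from the original lab write-up) for the failed-login objective above: it groups Event ID 4625 records by source address in 5-minute windows and flags sources that exceed a threshold, which is the pattern a brute-force attempt produces. The index name `wineventlog`, the threshold of 10, and the field names are assumptions; `Source_Network_Address`, `Sub_Status` and `user` are what the Splunk Add-on for Windows normally extracts from 4625 events, but check them against your own data.

```spl
index=wineventlog sourcetype="WinEventLog:Security" EventCode=4625
| eval src=coalesce(Source_Network_Address, src_ip)
| eval reason=case(Sub_Status="0xC000006A", "bad password",
                   Sub_Status="0xC0000064", "unknown user",
                   Sub_Status="0xC0000234", "account locked",
                   true(), "other")
| bin _time span=5m
| stats count AS failures, dc(user) AS distinct_users,
        values(user) AS users, values(reason) AS reasons BY _time, src
| where failures >= 10
| sort - failures
```

A high `distinct_users` count from one source suggests password spraying rather than a single-account brute force; lowering `span` or the threshold trades fewer missed attempts for more alert noise.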
Devices and tools used:
- Splunk server - my computer
- Forwarder - Azure VM instance (Windows 10)
- Kali Linux - VMware VM
Create the Win10 VM

The Win10 VM is up and running

Create an index on the Splunk server so it is ready to receive data from the forwarder
