Investigating with Splunk is a modular, hands-on workshop designed to familiarize participants with how to investigate incidents using Splunk and open source. This workshop provides users a way to gain experience searching in Splunk to answer specific questions related to an investigation. These questions are similar to what would be asked in their own organizations. The workshop leverages the popular Boss of the SOC (BOTS) dataset in a question and answer format. Users will leave with a better understanding of how Splunk can be used to investigate in their enterprise.

The workshop is approximately 3-4 hours and includes:

  • An investigation primer
  • Advanced Persistent Threat (APT) scenario
  • Ransomware scenario

Attendees will receive expert guidance from August Schell's Splunk security subject matter expert, Alex Maier. You'll learn from Splunkers who have years of experience, not only in Splunk but also in security. 

The workshop incorporates real world data. Based on attack scenarios from Splunk's Boss of the SOC, the data collected showcases common security attacks that you may encounter on a daily basis.

Lastly, this workshop lets participants interact with Splunk and the data set to gain a better understanding on how to answer security questions using Splunk during the 'hands-on time' that's built into the workshop agenda.