Log Correlation & Analysis to Identify Potential IOC
CYBRScore
Virtual Lab

Time: 1 hour
Difficulty: Intermediate

When defending networked digital systems, attention must be paid to the logging mechanisms set in place to detect suspicious behavior. In this lab, students will work with Splunk to help correlate server logs, system logs, and application logs in order to determine if an attacker was successful, and if so what happened and how they got in.


This Virtual Lab is part of a Career Path: Become a SOC Analyst - Level 1

Overview

The Cybrscore Log Correlation & Analysis to Identify Potential IOC lab is a premium Cybrary lab intended for students at the intermediate level. This lab teaches students how to perform an initial review of log data for possible IOC, import the logs into a security event correlation tool, and analyze the logs in more depth to identify potential IOC. These tasks develop multiple skills needed by cybersecurity professionals (as classified by NICCS):

• Correlate incident data and perform cyber defense reporting;
• Identify, collect, and seize documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents, investigations, and operations;
• Skill in reviewing logs to identify evidence of past intrusions;
• Knowledge of security event correlation tools; and
• Skill in using security event correlation tools.
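The lab description above (and the introduction before it) outlines the workflow without showing what "correlating server, system and application logs" looks like in practice. The following added example is not part of the lab or of CYBRScore's material: it parses constructed sample lines from an SSH auth log, a web access log and an application log on one host, normalizes them into a single timeline, and flags a source IP whose repeated failed logins are followed by a successful login, then lists what happened on the host in the minutes after that login. The log lines, host name, IP addresses and the 3-failures / 5-minute thresholds are all assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not the lab's data). All three sources are
# assumed to be in UTC; normalizing clocks is the first step of any correlation.
AUTH_LOG = """\
2024-03-01T10:00:01 srv01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
2024-03-01T10:00:04 srv01 sshd[2203]: Failed password for root from 203.0.113.7 port 51130 ssh2
2024-03-01T10:00:09 srv01 sshd[2207]: Failed password for root from 203.0.113.7 port 51141 ssh2
2024-03-01T10:00:15 srv01 sshd[2210]: Accepted password for root from 203.0.113.7 port 51150 ssh2
2024-03-01T10:20:00 srv01 sshd[2300]: Accepted publickey for deploy from 198.51.100.5 port 40000 ssh2
"""
WEB_LOG = """\
203.0.113.7 - - [01/Mar/2024:10:01:30 +0000] "POST /upload.php HTTP/1.1" 200 512
198.51.100.5 - - [01/Mar/2024:10:21:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""
APP_LOG = """\
2024-03-01 10:02:10 WARN  app: new file written to /var/www/html/x.php by uid 0
2024-03-01 10:22:00 INFO  app: deploy finished release 1.4.2
"""

AUTH_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
                     r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
WEB_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
APP_RE = re.compile(r"^(?P<date>\S+) (?P<time>\S+) (?P<level>\S+)\s+app: (?P<msg>.*)$")


def parse_auth(text):
    """sshd lines -> events with action ssh_failed / ssh_accepted."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "source": "auth", "ip": m["ip"],
                           "action": "ssh_failed" if m["result"] == "Failed" else "ssh_accepted",
                           "detail": m["user"]})
    return events


def parse_web(text):
    """Combined-format access log lines -> web_request events keyed by client IP."""
    events = []
    for line in text.splitlines():
        m = WEB_RE.match(line)
        if m:
            # Drop the "+0000" offset so every timestamp is a naive UTC datetime.
            ts = datetime.strptime(m["ts"].split(" ")[0], "%d/%b/%Y:%H:%M:%S")
            events.append({"ts": ts, "source": "web", "ip": m["ip"], "action": "web_request",
                           "detail": f'{m["method"]} {m["path"]} -> {m["status"]}'})
    return events


def parse_app(text):
    """Application log lines carry no client IP; they are host-local events."""
    events = []
    for line in text.splitlines():
        m = APP_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(f'{m["date"]}T{m["time"]}'), "source": "app",
                           "ip": None, "action": "app_" + m["level"].lower(), "detail": m["msg"]})
    return events


def all_events():
    """Merge the three sources into one timeline ordered by timestamp."""
    return sorted(parse_auth(AUTH_LOG) + parse_web(WEB_LOG) + parse_app(APP_LOG), key=lambda e: e["ts"])


def correlate(events, min_failures=3, window=timedelta(minutes=5)):
    """Flag a successful SSH login preceded by >= min_failures failures from the
    same IP inside `window`, and attach every event from that IP or with no IP
    (host-local) that occurred within `window` after the login."""
    by_ip = defaultdict(list)
    for e in events:
        if e["ip"]:
            by_ip[e["ip"]].append(e)
    findings = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["action"] == "ssh_failed"]
        for s in (e for e in evs if e["action"] == "ssh_accepted"):
            recent = [f for f in failures if s["ts"] - window <= f["ts"] <= s["ts"]]
            if len(recent) < min_failures:
                continue
            follow_on = [e for e in events
                         if s["ts"] < e["ts"] <= s["ts"] + window and e["ip"] in (ip, None)]
            findings.append({"src_ip": ip, "user": s["detail"], "login_at": s["ts"],
                             "failed_attempts": len(recent), "follow_on": follow_on})
    return findings


if __name__ == "__main__":
    for f in correlate(all_events()):
        print(f'{f["src_ip"]}: {f["failed_attempts"]} failures then login as {f["user"]} at {f["login_at"]}')
        for e in f["follow_on"]:
            print(f'  {e["ts"]} [{e["source"]}] {e["action"]}: {e["detail"]}')
```

Run as a script, it prints one finding: the brute-force-then-success from 203.0.113.7 followed by the POST to /upload.php and the application's warning about a new file written by uid 0, while the legitimate deploy from 198.51.100.5 twenty minutes later is not flagged. The same idea carries over to Splunk: index all three sources, extract a common `src_ip` field, and aggregate with `stats` by that field and time bucket; the point of the exercise is that none of the three logs alone shows both the entry and its consequence.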

These skills and abilities are used by a variety of cybersecurity professionals including Cyber Crime Investigators, Cyber Defense Analysts, Cyber Defense Forensics Analysts, Cyber Defense Incident Responders, Law Enforcement/Counterintelligence Forensics Analysts, Security Control Assessors, and Vulnerability Assessment Analysts. Upon successful completion of the Cybrscore Log Correlation & Analysis to Identify Potential IOC lab, the student will be able to perform an initial log review, import logs into Splunk, and analyze logs for possible IOC.

The Cybrscore Log Correlation & Analysis to Identify Potential IOC lab will typically take less than 1 hour to complete.

The Cybrscore Log Correlation & Analysis to Identify Potential IOC lab requires the student to review a variety of logs to identify potential IOC. This task serves to develop skill in reviewing logs to identify evidence of past intrusions. This skill is a key component of performing the work roles of Security Control Assessor and Vulnerability Assessment Analyst.

The Cybrscore Log Correlation & Analysis to Identify Potential IOC lab also requires the student to import these logs into Splunk for further investigation. This task helps the student gain skill in correlating incident data and performing cyber defense reporting, knowledge of security event correlation tools, and skill in using security event correlation tools. These abilities are important to individuals in the work roles of Cyber Crime Investigators, Cyber Defense Analysts, Cyber Defense Forensics Analysts, Cyber Defense Incident Responders, Security Control Assessors, and Vulnerability Assessment Analysts.

The Cybrscore Log Correlation & Analysis to Identify Potential IOC lab also requires the student to perform some basic analysis to determine potential IOC. This task helps develop knowledge and skill related to security event correlation tools, which is important to the Cyber Defense Analyst, Cyber Defense Forensics Analyst, Security Control Assessor, and Vulnerability Assessment Analyst. This task will also help students build toward the ability to identify, collect, and seize documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents, investigations, and operations. This skill is important for the Law Enforcement/Counterintelligence Forensics Analyst.

The Cybrscore Log Correlation & Analysis to Identify Potential IOC lab is presented by Cybrary and was created by CYBRScore. This lab continues to develop the skill of working with security event correlation tools and builds upon the content in the CYBRScore Event Log Collection lab and the CYBRScore Creating SIEM Reports with Splunk lab. The lab is a great addition for students pursuing the Become a Security Operations Center (SOC) career path as well as providing critical training for the Cyber Defense Analyst, Cyber Defense Forensics Analyst, Security Control Assessor, and Vulnerability Assessment Analyst work roles. Completion of the Cybrscore Log Correlation & Analysis to Identify Potential IOC lab means that the student has learned how to perform an initial review of log files, import the logs into a security event correlation tool, and analyze the logs in more depth to identify potential IOC.

Click on the Cybrscore Log Correlation & Analysis to Identify Potential IOC lab to learn how to conduct an initial review of logs and then import the logs into a security event correlation tool.

Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.

LEARN MORE. ACHIEVE MORE.

Follow A Path

Deciphering the essentials to enter a new career is hard, so we did it for you!

Focus on building your skills and take this virtual lab in a guided Career Path.
