Splunk SIEM Hands-on Project: Installation, Queries & Dashboard for SOC Analysts

Splunk SIEM Hands-on Project

This document outlines the hands-on exercises I completed with Splunk Enterprise, demonstrating my proficiency in log ingestion, search queries, dashboard creation, and data analysis. These exercises provided practical experience in:

Installing and configuring Splunk
Ingesting and analyzing logs
Performing basic and advanced Splunk searches
Creating tables and dashboards for real-time monitoring
Extracting insights from log events

Additionally, I have included resources for Windows users to gain deeper insights into Splunk's functionality.

Splunk SIEM Hands-on Project: Completed Tasks

Splunk Installation and Lab Setup
Downloaded and installed Splunk Enterprise.
Configured the Splunk instance and accessed the Splunk Web Interface.
Verified successful installation by running test queries.

Configuring Log Ingestion
Set up local event log collection.
Configured Splunk to ingest Application, Security, and System logs.
Enabled data inputs and confirmed successful log ingestion.

Basic Splunk Search
Performed a wildcard search (*) to display all indexed events.
Used host, source, and EventCode filters to refine searches.
Applied conditional filters to extract specific event data.

Advanced Log Analysis and Event Monitoring
Conducted security log analysis by filtering Windows Event Logs.
Extracted insights from logs related to user authentication and failed login attempts.
Created field extractions to enhance search efficiency.

Creating Tables and Dashboards
Designed structured data tables to visualize critical log events.
Created and customized a dashboard for monitoring system activities.
Implemented chart visualizations for enhanced data representation.
Prerequisites

Splunk Instance: These hands-on exercises require a Splunk instance for practicing data ingestion, searching, dashboard development, graphing, reporting, analysis, and visualization. I used the Splunk environment provided by the tutor.

Splunk Enterprise: The Splunk content was delivered through a Splunk Cloud Platform (YouTube) and was accessible using the Splunk Enterprise credentials provided by the tutor.

Objectives

> Installing and configuring Splunk
> Managing and configuring Splunk installations on my local system
> Designing and building a dashboard to visualize key metrics and trends for multiple use cases

Description

In this exercise, I created my Splunk Enterprise instance using the Splunk Show portal provided by the tutor.

✅ Step 1: I went to Splunk's official website and logged in using my Splunk.com account.
Source: Splunk

✅ Step 2: After downloading Splunk, I navigated to the product section and then to Splunk Enterprise. I scrolled down to the Instances Information section and expanded the 'Splunk Enterprise' section to locate the user credentials and the link to my lab environment after creating my account.
Source: Splunk

✅ Step 3: I logged in using the provided username and password (also available from the Splunk Show event).

✅ Step 4: After successfully installing and logging into Splunk, I set up my logs by navigating to the right sidebar of the screen, selecting Settings, and then clicking on Data Inputs.

✅ Step 5: Since I am dealing with local events on my system, I navigated to Local Event Log Collection and selected Edit. Next, we need to choose the logs that will be ingested into the tool. To keep it simple, we select the Application, Security, and System logs, as they form the foundation of log collection. Then we scroll down and click Save. The input's status should be Enabled, because that is what allows Splunk to ingest the logs.

✅ Step 6: In the search bar at the top, we enter an asterisk (*) and press Return to search for all available events.
As shown in the screenshot below, Splunk is starting to retrieve events from our local system. We are only working with the local system, not a remote system. This is a basic search, but there are many advanced search options we can explore, such as filters, different queries, and parameters.

Step 7:

✅ Next, we will open the Event Viewer through the Windows menu.
✅ Go to "Windows Logs" and scroll down to "Security", as shown in the screenshot below.
✅ Right-click on Security and select Clear Log.
✅ I am going to clear the Security log. Here's why: clearing the log generates a Security event that we can then find in Splunk. If we go back to our Splunk system, for example, the host we choose will be added to the search, including the selected parameters and fields.
✅ As seen in the image above, we left-click on the host and choose Add to Search, which adds it to the search bar.
✅ We are going to add host=Babatunde-Qodri source="wineventlog:security" EventCode="5379" to the search bar. Adding EventCode=5379 specifies the event we want to find. Then, we press Return. This is a simple way to narrow down the search.
✅ This event shows that the audit log has been cleared, which is exactly what we just did. This is a typical example of how I search for specific events in Splunk. Next, we need to copy the information in the search bar, as we will need it later.
✅ The next step is to create a table view, then skip the tour.
✅ This will generate a table, as shown below, which includes 'Source Types' and 'Raw' data. On the side of the view, you can select or deselect different fields. I am going to deselect 'Raw' so that it does not display all of that information.
✅ Click _raw to deselect it, then click Done, as shown in the screenshot below.
✅ After I click Done, a table is generated with the exact fields I selected. Then, I navigate to the Dashboard section and create a new dashboard from the top right side of the screen.
✅ Click Create New Dashboard in the top right corner of the screen, as shown in the screenshot below.
✅ After clicking Create New Dashboard, you will see an option to label it. We will name it "Clear Logs", then click Create, select Dashboard Studio, select the Grid layout model, and finally click "Create".

✅ Let's create a dashboard. A dashboard is highly useful and suitable for analyzing data because it can quickly display important information, especially in areas like security, IT, and data analytics. It allows us …

TOP 5 GRC TOOLS IN 2025

GRC TOOLS

Imagine this: you're driving your new Tesla along a scenic California road when suddenly a nail punctures your tyre, leaving you stranded. You call for help, but the mechanic lacks the specialized tools for your car. This scenario highlights the importance of having the right tools for the job. Similarly, security analysts face challenges when they lack the right GRC tools in today's rapidly evolving tech landscape. Here are the top GRC tools to help you stay ahead.

GRC (Governance, Risk, and Compliance) tools are essential for streamlining business-critical processes such as policy management, risk assessment, legal compliance, and operational efficiency. Unlike traditional cybersecurity tools, which focus solely on data security and privacy, GRC tools provide a broader scope by evaluating, tracking, measuring, and reporting risks across finance, strategy, and operations. As businesses face increasing regulatory demands and complex risks, adopting the right GRC tools is critical for effective governance and compliance. These tools not only enhance visibility across an organization but also centralize security operations and improve collaboration between teams.

In this post, I'll walk you through the Top 5 GRC Tools for 2025 that can help organizations tackle governance, dynamic risk management, and compliance challenges, and explore their other benefits. Additionally, I'll outline key criteria for selecting the best GRC tools to fit your organization's needs.

What are GRC tools?
GRC tools are purpose-built software that helps organizations take a unified approach to governance, risk, and compliance (GRC). GRC tools help create and streamline business processes like policy management and risk assessment, ensure legal compliance, and streamline operations. GRC tools also provide a full suite of management capabilities that organizations can use to develop, implement, and maintain effective processes and controls, ensuring that requirements are consistently met and protections are always in the right place. Well-functioning GRC tools will help identify links between business processes, enforce internal controls, streamline operations, and secure sensitive data in an organization.

Governance: Composed of all the business processes and policies that are developed, implemented, and maintained to provide strategic direction and guidelines for day-to-day operations.

Risk: Includes all activities related to monitoring, assessing, managing, and mitigating vulnerabilities to ensure that operations are not interrupted and that sensitive information is protected.

Compliance: Tracks compliance rules, keeps impacted teams updated about changes, and sends alerts when systems, processes, or people put the organization at risk of non-compliance violations.

Source: sailpoint.com

Key features for GRC tools

The best GRC tools include the following features and capabilities:

Audit management
Auditing tools
Compliance database
Content and document management
Dashboard customization
Ability for employees to access libraries, upload compliance evidence, and file and archive documents to avoid compliance mistakes
Analytics
Asset management

Who uses GRC tools?

Organizations use GRC tools to support and enhance the cross-functional collaboration across different departments that enables them to meet requirements.
GRC tools are of particular help in industries with strict regulations, including:

Biotech and life sciences
Energy and utilities
Financial services
Food and beverage
Government
Healthcare
Higher education
Insurance
Manufacturing
Retail
Technology
Transportation and logistics

Users of GRC tools span organizations and include:

Senior executives, to assess risks when making decisions
Legal teams, to help businesses avoid troubles that, in extreme cases, can result in jail time for executives
Finance managers, to support and maintain compliance with regulatory requirements
Human resources executives, to protect sensitive information
IT departments, to protect data from cyber threats

What Are the Criteria for Selecting the Best GRC Tools?

While choosing GRC tools might seem straightforward, selecting the right ones can be challenging. When choosing the best GRC tools for your business, start by determining your business objectives and assessing your requirements. If you are looking to select the best GRC tools for your organization, here are the minimum criteria to consider when evaluating a GRC platform:

Assess Software Vendors and GRC Solutions

GRC software is available for on-site or hosted deployments. Pricing varies based on features and system requirements like data storage, disaster recovery, server availability, and network bandwidth. Launching a new GRC initiative with a modest investment in a GRC package may make sense, while an established program may require a more mature feature set. Note that GRC software with extensive features translates into a larger investment.

Automated Incident Management

Functional GRC tools should automate the incident response process, creating and applying rules that direct incidents to the proper channels and trigger remediation tactics. This automation benefits organizations by ensuring timely and effective incident handling.
Tools should also make it easy to track response progress from a central dashboard and create an audit trail for analysis and compliance reporting.

Workflow

A good workflow engine is crucial for ensuring that work is distributed and monitored optimally. GRC workflows should align with those of the organization, as workflow disruptions can impact productivity and hinder adoption.

Customer Support

The efficacy of GRC tools depends largely on customer support during and after implementation. Important questions to ask when evaluating customer support include:

What support is available if something breaks or is not working?
What is the triage process for issues that go to support?
Is there a dedicated support team?
What is the availability of the support team?
What service level agreements (SLAs) are available for support?

Deployment Options

While most organizations choose cloud-based GRC tools, confirming that on-premises options are available if required is essential. Understand how software updates and security patches are provided for on-premises deployments.

Document Management

GRC tools should …