GitHub

SOC investigation using Splunk and the BOTSv3 dataset

This project demonstrates a hands-on Security Operations Center (SOC) investigation using Splunk and the BOTSv3 dataset. The objective was to analyze cloud, endpoint, and network logs to identify ...
GitHub

Unauthorized AWS API Calls (AccessDenied)

AWS CloudTrail logs in JSON format were ingested into Splunk. Most events were indexed into the default main index, which contains over 2.4 million events. A scheduled Splunk alert was configured to ...