Your supervisor was surprised by the results of your DMZ breach simulation and has asked you to evaluate the SIEM's ability to detect signs of the breach. Your tasks are to:
1. Run a search query in Splunk that will return events generated by Snort in response to Infection Monkey.
2. Use the Internet as needed to research the search functionality in Splunk.
Added by Megan H.
Step 1
Ensure you have the necessary permissions to run search queries and access the data sources that include Snort logs.
Lab 1: Assessing and Securing Systems on a Wide Area Network (WAN)
1. What is the first Nmap command you ran in this lab? Explain the switches used.
2. What are the open ports when scanning 100.16.16.50 (TargetVulnerable01) and their service names?
3. What is the Nmap command line syntax for running an MS08-067 vulnerability scan against 100.20.9.25 (TargetWindows04)?
4. Explain why the MS08-067 exploit is bad.
5. What operating system did Nmap identify for the three IP addresses you scanned in the lab?
Supreeta N.
The vulnerability reports you generated in the lab identified several critical vulnerabilities. You used the vsftpd vulnerability to open a remote command shell, but there is one other vulnerability in that report that could allow a hacker to open a remote command shell. In your Challenge Questions file, identify the second vulnerability that could allow this access. First, search Metasploit for the exploit associated with this vulnerability, and then use that exploit to open a remote shell. In the remote command shell, document your successful exploit. In your Challenge Questions file, document the recommended solution for the vulnerability.
Aarya B.
Describe the network topology you found when running Nmap. Include screenshots as evidence of running Nmap. Summarize the vulnerabilities on the network and their potential implications based on your Nmap results. Describe the anomalies you found when running Wireshark, on the network capture file, and include evidence of the range of packets associated with each anomaly. Summarize the potential implications of not addressing each of the anomalies found when running Wireshark. Recommend solutions for eliminating or minimizing all identified vulnerabilities or anomalies from Wireshark and Nmap. Use current industry-respected reliable research and sources to support your recommendations.
Akash M.