CyberT SIEM Lab Workspace

Splunk VPN Data Analysis Guidelines

  1. Ingest Logs: Upload your provided VPN-logs-Splunk_intro.json file into your Splunk environment instance under a clean, specific test index.
  2. Discover Metadata: Look at your sidebar field picker values to answer the structural setup questions (Questions 1–4).
  3. Execute Search Strings: Use commands like index="VPN_Logs" | stats count by UserName or filter statements like action!=France to extract specific target parameters.
  4. Validate Indicators: Type your numerical answers or specific text strings into the fields below using the abstract masked placeholders (e.g., **) as structure hints.
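
To cross-check counts from steps 3 and 4 outside Splunk, the added example below (not part of the lab material) reproduces `stats count by` and a `!=` filter over JSON events. It also shows how `field!=value` differs from `NOT field=value` when events lack the field. Only the field names UserName and action come from the searches above; the sample events and their values are constructed.

```python
import json
from collections import Counter

# Constructed sample events (not from the lab's VPN-logs-Splunk_intro.json);
# only the field names UserName and action come from the searches quoted above.
SAMPLE = """\
{"UserName": "alice", "action": "connect"}
{"UserName": "bob", "action": "teardown"}
{"UserName": "alice", "action": "Teardown"}
{"UserName": "carol"}
{"action": "connect"}
"""

def load_events(text):
    """Accept either a JSON array or newline-delimited JSON objects."""
    text = text.strip()
    if text.startswith("["):
        return json.loads(text)
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def stats_count_by(events, field):
    """Mirror `| stats count by <field>`: events lacking the field are dropped."""
    return dict(Counter(e[field] for e in events if field in e))

def _matches(event, field, value):
    # Splunk's search command compares field values case-insensitively.
    return field in event and str(event[field]).lower() == value.lower()

def search_ne(events, field, value):
    """Mirror `<field>!=<value>`: the field must exist and differ."""
    return [e for e in events if field in e and not _matches(e, field, value)]

def search_not(events, field, value):
    """Mirror `NOT <field>=<value>`: also keeps events without the field."""
    return [e for e in events if not _matches(e, field, value)]

if __name__ == "__main__":
    events = load_events(SAMPLE)
    print(stats_count_by(events, "UserName"))
    print(len(search_ne(events, "action", "teardown")),
          len(search_not(events, "action", "teardown")))
```

If a count in Splunk is lower than expected, check whether some events are missing the field being filtered or grouped on.
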
Part A: Splunk Data Field Discovery
Part B: VPN Log Forensic Verification