Splunk Cyber Security Report Writing - IT Computer Science Assignment Help


Assignment Task

Task 1: Splunk Based Incident Investigation

Frothly's competitors are looking to take intellectual property from them, and the Chief Information Officer believes that they may try to compromise online Frothly systems. The following questions relate to a possible attack on the Frothly computer systems. As part of the answer for each of these questions, your report must include:

• A clear description of the reasoning for your answer.

• A detailed description of the process that you followed and the searches that you used to obtain the answer. It is expected that you will include screenshots in your description.

1. Provide a list of all the Windows users at Frothly and the IP address of their workstations.

2. What IP address uploaded a suspicious file to a Frothly OneDrive account? What makes this file suspicious?

3. Frothly uses Microsoft Azure Active Directory for centralised authentication services. What expired user has logged in successfully from an external IP address?

4. Who emailed an Office 365 macro-based malware file?

5. What is the Linux user and password created by the "root" user on an on-premise Linux system?

6. What is the Windows user created on a compromised Windows endpoint system, and what groups is the user assigned to?

7. What is the suspicious file downloaded to the compromised endpoint system? What does the file do?

8. A set of files is included in phishing emails sent to the Frothly staff. When did these phishing emails get sent?

9. What is the name of the executable malware file attached to the phishing emails?

10. Which users clicked on the malicious link included in the phishing emails?

 

Metrics and Visualisation:

Develop a Splunk cyber security related dashboard for the Frothly botsv3 security incident referred to in the previous questions. The dashboard should include 5 panels with a variety of visualisations, with at least one single value display. The dashboard should use at least the following Splunk functions:

• Macros

• Pivot

• Transaction

• Custom Field Extraction

• Choropleth map

 

As well as showing the output of the dashboard, your report must include:

• A clear description of the design of your dashboard, explanations of the searches used, and the importance and purpose of each panel in relation to the security incident.

• A detailed description of how you incorporated command functionality into the dashboard and the reasoning for why the panel shows important cyber security information.

Background:

Frothly is a small premium beer brewing company with intentions of making it big. Competition in the brewing industry has become intense. Other companies are looking to get intellectual property from Frothly by whatever means possible.

Your job now is to investigate the possible breach to determine what was stolen or if a breach occurred. The Chief Information Officer is also concerned about cyber security practice and management within the organisation and has asked you to provide a review of these processes and procedures in line with recent relevant vulnerabilities.
