Splunk - Analysing AWS VPC Flow logs

Published: 25 April 2022
on channel: cybersecnerd

Using Splunk to analyse AWS VPC Flow logs. It is essential for SOC analysts to become familiar with cloud data sources.

0:00 - Scene setting
1:15 - Anatomy of AWS VPC Flow logs
4:56 - Traffic in outbound direction
6:45 - Traffic in inbound direction
9:40 - GuardDuty Findings - details external IP: 13.125.33.130, i.e. Brute force, Scanner, aws_account_id:XXXXXXXXXXXX, internal IP: 172.16.0.178
15:20 - RARE Countries
16:25 - Going Further Step
17:10 - All Connection Attempts Over Time To Amp Ports
20:10 - Anomaly detection - Malicious IP scanning all the open ports

