This labĀ focuses on security use cases that can be created and managed within Splunk. For this article we will be using the Free Enterprise version, as it provides 500MB of indexing free every day.

Also, there will be standalone architecture to collect, parse and extract events rather than a distributed architecture, where multiple components are required to collect, parse, extract and display events.

Software Used: Splunk (Free Enterprise Version)

Version: 6.3.2

Log Source: Windows Event Logs, Registry logs

Splunk Indexer, Splunk Search Head: Local System (Windows 7)