Answer Sheet-Splunk Transforming Commands and Report

The document provides instructions and questions for a Splunk lab assignment divided into multiple tasks. It outlines the points possible for each question and step. The questions involve searching the Splunk data to find specific information like URLs, using commands like table to visualize the data, analyzing trends with charts, and finding the most frequent values. Screenshots of searches and dashboards are to be pasted into an answer sheet. The post-lab question asks about reporting standards and whether an event of a rejected file would be reported, including reasons for those choices.

Uploaded by Rotana Alkaabi

Answer Sheet: Splunk Transforming Commands and Report Lab

Total Points: 55 pts


Task | Pts | Questions
Task 1 | 4 | 1. Can you find the URL of the file that the IDS rejected? Put your answer in the answer sheet.
 | 4 | 2. Use the “table” command to make a table that includes file hashes and action. Copy your search statement and paste it in the answer sheet.
Task 1 | 4 | Step 1: 5. Refine the above search to get the expected result. Copy and paste your search in the answer sheet.
 | 4 | 6. Can you search for how many zip files the IDS processed? Copy and paste your search in the answer sheet.
 | 4 | Step 3: Take a screenshot of the line chart and paste it in the answer sheet.
 | 4 | Step 4: Copy and paste your search statement in the answer sheet.
 | 4 | Step 5: Search for the top 5 most frequent values of the “FileHash” field. Paste your search statement in the answer sheet.
 | 4 | Step 6: Can you find the numbers of unique files that were allowed and denied by the IDS? Copy and paste your search in the answer sheet.
Task 2 | 4 | Take a screenshot of your dashboard and paste it in the answer sheet.
Task 2 | 5 | Module 9 Lab: Take a screenshot of your final search in Splunk and paste it in the answer sheet.
 | 5 | Module 10 Lab: Take a screenshot of your dashboard in Splunk and paste it in the answer sheet.
 | 5 | When you complete all the modules, take a screenshot of the course overview that reflects your completion and paste it in the answer sheet.
Post-Lab Questions | 4 | Read the “Why write reports” and “Reporting Standards” sections in Chapter 16. Suppose during the analysis in Task 1 (analyzing the Scan log) you discovered a file was rejected, will you report this event? Are there any fields you want to include in your report? Briefly explain why. (It is an open question. It is important to explain why you make the choices.)
Yes, I will report this event or report any files rejected because when I make the report, the report has to have complete information about all files that are scanned and all files that are not scanned. I also will include the reason why that file was rejected to scan.
It is always important to report any rejected file because this file was rejected for a reason. And the reason may be the file was malicious or empty or has another problem.
