| Back to Home 🏠| Next:Introduction |
“You’re just getting started at StackFull Software. Alice, a Level 2 SOC Analyst, has been assigned as your mentor to help you learn the ropes at your new company. She’s educating you on the various business units you’ll be working with, such as software engineering, human resources, business development, and of course, information technology (IT). Your department, the cybersecurity department, falls under the IT business unit.
You continue to get more familiar with StackFull Software, thanks to Alice. She lets you know about all of the log files from the various business units that feed into the Splunk SIEM. This includes firewall logs, Windows Event logs, Jira logs, software engineering logs, and so much more. As a cyber professional, this is good practice as it allows SOC analysts to view anything and everything that may be important when it comes to resolving a cyber incident. Proper logging is crucial for handling cyber incidents.
Alice grants you access to Splunk where you can view all of these various logs. Unfortunately, it appears that you were unable to search anything due to some odd configuration issue within Splunk. She establishes an SSH connection to the Splunk server to see what’s wrong.
It looks like James, another Level 1 SOC Analyst has inadvertently changed a configuration file named config.conf that is preventing you from looking at logs. You don’t know exactly where the file is, but you know that Splunk stores all of its files within the /opt/splunk directory. You will need to modify the configuration file so that you can properly view logs within Splunk” (Career Simulation 1, n.d.)
| Back to Home 🏠| Next:Introduction |