Reference no: EM133703640

Detect threats When determing threat status you should consider the following scenario for the target. The user of the target PC sometimes utilises a remote desktop client from home to access programs on the target PC at the work premise. The user does not transfer files between work and home using SSH, FTPS or any other similar command line data transfer protocol. The user is not technical ICT staff and is unlikely to need or understandthe use of enumeration tools. The user generally conducts work between 9am - 5:30pm Mon to Fri. After importing the data from the local security log file, carry out the following. 1.Use Splunk search to locate three reliable threat indicators in the Security log data. 2.Provide the exact search query syntax used to locate the threat indicators. Note that multiple queries may be required to confirm a result is actually related to a threat

3.Explain how the results reliably indicate that a threat is present For example, simply citing a failed login attempt is not evidence of a threat. Evidence of a threat could include reference to dates, times, user accounts, system commands, malicous commands, information found via manual search and other factors that together infer that the result could be a threat Note that the existing recurring threat as detailed in question 1, may be used as one of the three threats. However, the threat must be identified within the security log and be accompanied by an explanation of how the search results reliably indicate a threat is present. Enter response here: Threat 1 Threat 2 Threat 3