ICTCYS407 - ASI - Assignment 2 - Add and analyse threat data with Splunk

School: TAFE SA
Course: CYIFT
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 6
Uploaded by DrBravery13096
Assessment Student Instructions

Assessment Title: Add and analyse threat data with Splunk

Competency Details
Unit code/s and title/s: ICTCYS407 – Gather, analyse, and interpret threat data
Qualification code/s and title/s: Diploma of Information Technology - Cyber Security
Business unit/Work group: Business and Arts/IT Studies

Instructions
Method/s of assessment: Questioning (Written); Product (Splunk Document)

Overview of assessment. This assessment will require you to:
- Complete written questions within this document.
- Provide screen captures for written questions within this document.
- Perform searches using Splunk software.
- Search for false positives and false negatives.
- Find discrepancies between files.

Task/s to be assessed. This assessment will require you to complete the following tasks:
- Task 1 – Ingest and search the logs
- Task 2 – Data discrepancies

Time allowed: Refer to your schedule for submission dates. This assessment should take you approximately three hours to complete.
Location of assessment: Assessment can be completed anywhere with access to the resources required (see the Resources required section below).
Decision making rules: To receive a satisfactory outcome for this assessment you must complete all parts correctly. Word counts are provided as guidance only.
Assessment conditions: This assessment must be undertaken where conditions are typical of a work environment requiring cyber secure practices, processes, and procedures. This is an unsupervised assessment, and you may access any required resources.
Resources required. To complete this assessment, you will require the following:
- VMware
- Word processing software such as Microsoft Word
- Microsoft Windows 10
- Microsoft Office 2016
- Splunk Enterprise

You will need to have access to the various ITWorks Organisational Policy and Procedures located on Learn in the Assessment Documents and Submission Links topic (refer to the Assessment Support Documents for Students - ASDS):
- ICTCYS407 – ASDS – Policy ID 170 - IT Works Cyber Security Incident Reporting.docx
- ICTCYS407 – ASDS – linux_secure.log
- ICTCYS407 – ASDS – syslog.log
- ICTCYS407 – ASDS – firewall.log
- ICTCYS407 - ASDS - customers_marketing.xlsx
- ICTCYS407 - ASDS - customers_database.xlsx

You can complete this on your own computer or laptop if you are able to source the above requirements.

Result notification and reassessment information. You will be provided with feedback and the result for your assessment on TAFE SA Learn. Submitted assessments will be marked within two weeks of the assessment due date as indicated on the study schedule on Learn. You will be given the chance to resubmit with the required corrections only once. Any resubmits must be uploaded to Learn within 7 days of the resubmit result on Learn. Refer to the TAFE SA assessment policy for more information: https://www.tafesa.edu.au/apply-enrol/before-starting/student-policies/assessment

Document name: 25fdbf7fb790ca1b54d532da3c544193c4c0cce4.docx | Document Set Release Version: v1.1 - 18/10/2022 | © TAFE SA | RTO CODE 41026 | CRICOS 00092B | TAFE SA Template Version: Assessment Student Instructions v5.0 | Document development version: v17.0
SCENARIO

BUSINESS BACKGROUND

Jim’s Trade Supplies (JTS) is a small supply company providing tradies with the tools, fasteners and industrial supplies they need. JTS stocks a number of trusted brands, like Bolle, Paslode, Powers, Bostik, Lufkin, Makita, and ProSafety, to suit tradies’ needs perfectly, and frequently puts its trade supplies products through onsite testing as well as controlled environment testing to make sure that it understands their capabilities.

JTS comprises the:
- Owner (Manager) – Jim Strutz
- Admin Support x 2
- Sales Team x 3
- Delivery Driver x 2

JTS has just won a tender to supply stock to the Australian Defence Force.

SCENARIO

There has been a suspected breach of the JTS network which now urgently needs investigation. Jim is very concerned about the legal obligations for JTS and is also concerned about his customers’ information. Any stolen information could be very damaging to the reputation of JTS and could endanger the defence contracts. Users of the system and IT staff have noticed that the responsiveness of the Web Server has been poor since March.

As the ITWorks “IT Security Analyst”, you have confirmed with Jim the data sources that you will be investigating for suspicious activity. You now need to ingest that data into Splunk and search through the logs for anomalies. You are to analyse your results to ensure that they are reliable and consistent.
CURRENT JTS TEST SETUP

Further information

JTS Domain Controller Server:
- Windows Server 2016
- Domain Controller / Active Directory
- DNS
- DHCP Server
- Internal and remote access configured
- MySQL installed
- Splunk Enterprise installed

JTS Web Server:
- External Web Server
- Hosts the JTS web page
- Hosts the JTS Store, Store database and associated store log files

Windows PCs:
- Windows 10 installed
- Users log in through the Domain Controller with a Domain account
Task 1: Questions

Question 1:
Following the Splunk user guide, ingest all the log files identified in your interview with the manager into Splunk. Take a screenshot of the data sources window in Splunk to show all the sources added.

Question 2:
Perform a search on the web server linux_secure log file to see all events in that log file only. Provide a screenshot of the entire Splunk results window with the search text visible.

Question 3:
With the previous search, using the timeline tool, can you see any possible anomalies in the timeline on the 28th of March? Describe what you can see on the timeline for login attempts on that date and compare it to the rest of the timeline (25 words).
Describe how consistent the web application login data is by viewing the timeline (25 words).

Question 4:
Using the Splunk search window, narrow your search to the 28th of March. Show a screenshot below of your search text and results.

Question 5:
Is there a username which appears to have an unusual number of login attempts? List the user and describe their login pattern for the 28th of March (25 words).
Describe the reliability of this login information for the user identified above (25 words).

Question 6:
Search for all the logins for the user identified in Question 5. Analysing the pattern of previous login attempts on the timeline, describe whether this anomaly is a false positive or not (30 words).
ICT Support is concerned about false negatives: accounts that have been targeted by login attacks and have not been detected. Search the log file for a top 10 count of usernames that have logged in, grouped by date. Provide your search text.
Were there any anomalies that you picked up in your search above?
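The analysis Questions 3 to 6 ask for can be reproduced outside Splunk, which makes a useful cross-check of what the timeline and stats commands report. The script below is an added example, not part of the assessment and not derived from its linux_secure.log: it assumes the standard sshd "Accepted/Failed password for ... from ..." line format, the SAMPLE_LOG lines are constructed rather than taken from the supplied file, and the threshold of five failures per day is an illustrative value. It counts login attempts per user per day (the "top 10 grouped by date"), shows one user's attempts over time, and flags user-days where a burst of failures was, or was not, followed by a successful login from the same source, the check that separates a noisy false positive from a likely compromise.

```python
"""Per-user, per-day login analysis over sshd auth-log lines (Questions 3 to 6).

Added example; not part of the TAFE SA assessment and not derived from its
linux_secure.log. Assumes the sshd "Accepted/Failed password for ..." line
format found in /var/log/secure; SAMPLE_LOG is constructed for illustration.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: a quiet week, then a burst against one account on 28 March.
SAMPLE_LOG = """\
Mar 25 09:12:01 web sshd[2101]: Accepted password for jim from 10.0.0.5 port 51022 ssh2
Mar 25 09:40:17 web sshd[2144]: Failed password for jim from 10.0.0.5 port 51090 ssh2
Mar 26 08:03:44 web sshd[2310]: Accepted password for sales1 from 10.0.0.7 port 49820 ssh2
Mar 27 17:22:09 web sshd[2550]: Failed password for invalid user admin from 203.0.113.9 port 40011 ssh2
Mar 28 02:01:10 web sshd[2600]: Failed password for jim from 198.51.100.23 port 33001 ssh2
Mar 28 02:01:12 web sshd[2601]: Failed password for jim from 198.51.100.23 port 33002 ssh2
Mar 28 02:01:14 web sshd[2602]: Failed password for jim from 198.51.100.23 port 33003 ssh2
Mar 28 02:01:16 web sshd[2603]: Failed password for jim from 198.51.100.23 port 33004 ssh2
Mar 28 02:01:18 web sshd[2604]: Failed password for jim from 198.51.100.23 port 33005 ssh2
Mar 28 02:01:20 web sshd[2605]: Failed password for jim from 198.51.100.23 port 33006 ssh2
Mar 28 02:02:30 web sshd[2606]: Accepted password for jim from 198.51.100.23 port 33007 ssh2
Mar 28 09:15:00 web sshd[2700]: Accepted password for sales1 from 10.0.0.7 port 49900 ssh2
Mar 29 09:05:41 web sshd[2801]: Accepted password for jim from 10.0.0.5 port 51300 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+)"
)


def parse(log_text, year=2024):
    """Yield (date, result, user, src) per auth line; syslog lines carry no year, so one is assumed."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd password event; other syslog noise is ignored
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S")
        yield ts.date().isoformat(), m["result"], m["user"], m["src"]


def top_users_by_date(log_text, n=10):
    """Question 6's 'top 10 count of usernames grouped by date': [((date, user), count), ...]."""
    return Counter((d, u) for d, _, u, _ in parse(log_text)).most_common(n)


def daily_attempts(log_text, user):
    """Attempts per day for one user, to compare a flagged day with that user's normal pattern."""
    return dict(sorted(Counter(d for d, _, u, _ in parse(log_text) if u == user).items()))


def analyse(log_text, threshold=5):
    """Flag (date, user) pairs with at least `threshold` failed logins.

    Each flag records the failure count, the source IPs involved, and whether an
    Accepted login for that user came from one of those same sources on that day.
    A burst with no success from the attacking source may be a false positive
    (a user mistyping a password); a burst followed by a success from that source
    is the pattern a false-negative hunt must not miss.
    """
    fails, fail_src, ok_src = defaultdict(int), defaultdict(set), defaultdict(set)
    for date, result, user, src in parse(log_text):
        key = (date, user)
        if result == "Failed":
            fails[key] += 1
            fail_src[key].add(src)
        else:
            ok_src[key].add(src)
    return {
        key: {
            "failures": n,
            "sources": sorted(fail_src[key]),
            "success_from_attacking_source": bool(fail_src[key] & ok_src[key]),
        }
        for key, n in fails.items() if n >= threshold
    }


if __name__ == "__main__":
    for (date, user), count in top_users_by_date(SAMPLE_LOG):
        print(f"{date} {user:<8} {count}")
    for (date, user), info in analyse(SAMPLE_LOG).items():
        print(f"ALERT {date} {user}: {info}")
    print("jim by day:", daily_attempts(SAMPLE_LOG, "jim"))
```

In Splunk the grouping step corresponds roughly to `source="linux_secure.log" | bin _time span=1d | stats count by _time, user | sort -count | head 10`; that assumes a `user` field has already been extracted (by the sourcetype or a `rex` command), which is an assumption about your ingest rather than something the assessment states. Note that the top-10 by volume can hide the false negatives ICT Support is worried about: a single failed attempt against an account that never normally logs in (the `admin` line in the sample) never reaches the top 10, so lowering the threshold or also listing accounts with failures but no successes is the complementary search.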
Question 7:
Describe what a data discrepancy is (25 words).
Describe what a data inconsistency is (25 words).

Question 8:
Marketing has a list of customer details which they believe to be up to date (ICTCYS407 - ASDS - customers_marketing.xlsx); they are concerned that the information in our database is not current. You have been provided with an Excel file by marketing which contains all the customers known to the marketing department and their details.
You need to compare the information from the database customer table (ICTCYS407 - ASDS - customers_database.xlsx) to the Excel document given by marketing.
How would you find any discrepancies between the two documents using software? (Minimum 40 words.)
Show a minimum of one screenshot with the discrepancies highlighted by the software chosen.
You must highlight and describe a minimum of three discrepancies that you found (10 words each).
You may use ‘Spreadsheet Compare’ or ‘textcompare.org/excel’ to find the discrepancies and inconsistencies.
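Spreadsheet Compare and textcompare.org highlight cell-by-cell differences, but they do not tell you which differences are real disagreements about a customer and which are only the same fact written two ways. The script below is an added example, not part of the assessment: the two tables are constructed stand-ins for customers_marketing.xlsx and customers_database.xlsx (export the real sheets to CSV, or read them with openpyxl, and pass the text to compare()), and the column names, customer IDs and values are assumptions. It keys both tables on customer_id, reports records present in only one source, and splits the remaining differences into mismatches (the two sources state different facts, a data discrepancy) and format-only differences (the same fact in different representations, a data inconsistency), which is one working reading of the two terms Question 7 asks you to define.

```python
"""Comparing two customer lists for discrepancies and inconsistencies (Questions 7 and 8).

Added example; not part of the TAFE SA assessment. The two tables are constructed
stand-ins for customers_marketing.xlsx and customers_database.xlsx; column names,
customer IDs and values are assumptions.
"""
import csv
import io
import re

MARKETING_CSV = """\
customer_id,name,email,phone,postcode
C001,Ace Plumbing,accounts@aceplumbing.example,0412 345 678,5000
C002,Bolt Electrical,bolt@example.com,0400 111 222,5006
C003,Cross Carpentry,CROSS@example.com,(08) 8222 1111,5010
C005,Eastside Roofing,east@example.com,0433 999 000,5021
"""

DATABASE_CSV = """\
customer_id,name,email,phone,postcode
C001,Ace Plumbing,accounts@aceplumbing.example,0412345678,5000
C002,Bolt Electrical,bolt@example.com,0400 111 222,5066
C003,Cross Carpentry,cross@example.com,08 8222 1111,5010
C004,Delta Scaffolding,delta@example.com,0455 777 888,5014
"""

# Representation differences that are not factual differences: "0412 345 678"
# and "0412345678" are the same phone number, "CROSS@" and "cross@" the same mailbox.
NORMALISERS = {
    "phone": lambda v: re.sub(r"\D", "", v),
    "email": lambda v: v.strip().lower(),
}


def normalise(field, value):
    return NORMALISERS.get(field, str.strip)(value)


def load(csv_text, key="customer_id"):
    """Index rows by the key column; a repeated key is itself a data problem, so fail loudly."""
    rows = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row[key] in rows:
            raise ValueError(f"duplicate {key} {row[key]!r}")
        rows[row[key]] = row
    return rows


def compare(left_csv, right_csv, key="customer_id"):
    """Classify every difference between two tables that share a key column.

    only_left / only_right: records one source has and the other lacks
    mismatch:    same record, a field disagrees even after normalisation
                 (a data discrepancy: the two sources state different facts)
    format_only: values agree once normalised (a data inconsistency: the same
                 fact recorded in different formats)
    Difference tuples are (key, field, left_value, right_value).
    """
    left, right = load(left_csv, key), load(right_csv, key)
    mismatch, format_only = [], []
    for k in sorted(left.keys() & right.keys()):
        for field in left[k]:
            if field == key:
                continue
            lv, rv = left[k][field], right[k][field]
            if lv == rv:
                continue
            bucket = format_only if normalise(field, lv) == normalise(field, rv) else mismatch
            bucket.append((k, field, lv, rv))
    return {
        "only_left": sorted(left.keys() - right.keys()),
        "only_right": sorted(right.keys() - left.keys()),
        "mismatch": mismatch,
        "format_only": format_only,
    }


if __name__ == "__main__":
    result = compare(MARKETING_CSV, DATABASE_CSV)
    for kind, items in result.items():
        for item in items:
            print(f"{kind:<11} {item}")
```

Keying on customer_id rather than comparing row positions matters: once one sheet has an extra row, a positional tool reports every following cell as changed. Whether a format-only difference is harmless or not depends on the consumer; a marketing mail-out tolerates mixed-case e-mail addresses, but a database lookup that compares the raw string will not.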