Beginner Pro

Detecting Abnormal Network Traffic Using Splunk

Set up a network monitoring system to detect abnormal traffic patterns, including data exfiltration and command-and-control (C2) communication, by leveraging Suricata with Emerging Threats (ET) rules and analyzing logs using Splunk.

Self-Paced by Rajneesh Gupta

Key Outcomes

  • Deploy and configure Suricata as a high-performance network intrusion detection system (IDS)
  • Leverage Emerging Threats (ET) rule sets to detect real-world attack behaviors such as data exfiltration, malware command-and-control (C2) traffic, port scans, and abnormal protocol usage
  • Simulate network-based attacks in a lab to trigger Suricata alerts and validate those detections
  • Analyze Suricata alerts in Splunk to identify attacker techniques

What You'll Learn

  • Deploying Suricata for Network Intrusion Detection

    Learn how to install, configure, and operate Suricata as a high-performance IDS to monitor network traffic in real time.

  • Using Emerging Threats (ET) Rules for Detection

    Understand how ET rule sets detect real-world threats such as data exfiltration, C2 communication, malware traffic, port scans, and protocol anomalies.

  • Simulating Network-Based Attacks for Training

    See how to safely generate suspicious or malicious traffic patterns to trigger Suricata alerts and validate detection capabilities.
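The analysis step above, as an added example that is not part of the course material or Suricata itself: a short Python script that reads Suricata EVE JSON (the eve.json format Splunk ingests), summarizes alerts per host by ET category, flags C2 beaconing from the regularity of alert timing, and flags upload-heavy flows as exfiltration candidates. The sample events, hosts, and "ET ..." signature names are constructed for this example and are not real rule text; only the field layout follows Suricata's alert and flow events.

```python
import json
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample of Suricata EVE JSON lines (eve.json). Hosts, times and the
# ET-style signature names are made up for this example; only the field layout
# (event_type, src_ip/dest_ip, alert{}, flow{}) matches what Suricata emits.
SAMPLE_EVE = """\
{"timestamp":"2024-05-01T10:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","alert":{"signature":"ET MALWARE Example Beacon (constructed)","category":"Malware Command and Control Activity Detected","severity":1}}
{"timestamp":"2024-05-01T10:01:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","alert":{"signature":"ET MALWARE Example Beacon (constructed)","category":"Malware Command and Control Activity Detected","severity":1}}
{"timestamp":"2024-05-01T10:02:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","alert":{"signature":"ET MALWARE Example Beacon (constructed)","category":"Malware Command and Control Activity Detected","severity":1}}
{"timestamp":"2024-05-01T10:03:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","alert":{"signature":"ET MALWARE Example Beacon (constructed)","category":"Malware Command and Control Activity Detected","severity":1}}
{"timestamp":"2024-05-01T10:00:30.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"10.0.0.5","dest_port":22,"proto":"TCP","alert":{"signature":"ET SCAN Example Port Scan (constructed)","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2024-05-01T10:05:00.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":800,"pkts_toclient":40,"bytes_toserver":52000000,"bytes_toclient":60000}}
{"timestamp":"2024-05-01T10:05:00.000000+0000","event_type":"flow","src_ip":"10.0.0.8","dest_ip":"198.51.100.20","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":30,"pkts_toclient":60,"bytes_toserver":4000,"bytes_toclient":90000}}
"""


def parse_eve(text):
    """Parse newline-delimited EVE JSON, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a truncated line (e.g. cut mid-rotation) must not stop the run
    return events


def _ts(event):
    # Suricata writes microseconds and a numeric UTC offset, e.g. +0000
    return datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")


def summarize_alerts(events):
    """Per source host, count alerts by ET category (the first triage view)."""
    summary = defaultdict(Counter)
    for ev in events:
        if ev.get("event_type") == "alert":
            summary[ev["src_ip"]][ev["alert"]["category"]] += 1
    return summary


def find_beacons(events, min_hits=4, max_cv=0.1):
    """Flag src->dest pairs whose C2-category alerts recur at near-constant
    intervals. A coefficient of variation (stdev/mean) of the gaps at or below
    max_cv points to a timer-driven beacon rather than human-driven traffic."""
    times = defaultdict(list)
    for ev in events:
        if ev.get("event_type") == "alert" and "Command and Control" in ev["alert"]["category"]:
            times[(ev["src_ip"], ev["dest_ip"])].append(_ts(ev))
    beacons = []
    for pair, stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            beacons.append(pair)
    return beacons


def find_exfil(events, min_bytes=10_000_000, min_ratio=10.0):
    """Flag flows that push far more data out than they pull back.
    Ordinary client traffic is download-heavy; a large upload-dominated flow
    to an external host is the classic exfiltration shape."""
    hits = []
    for ev in events:
        if ev.get("event_type") != "flow":
            continue
        out = ev["flow"]["bytes_toserver"]
        back = max(ev["flow"]["bytes_toclient"], 1)  # avoid division by zero
        if out >= min_bytes and out / back >= min_ratio:
            hits.append((ev["src_ip"], ev["dest_ip"], out))
    return hits


if __name__ == "__main__":
    evs = parse_eve(SAMPLE_EVE)
    for host, cats in summarize_alerts(evs).items():
        print(host, dict(cats))
    print("beacons:", find_beacons(evs))
    print("exfil:", find_exfil(evs))
```

The per-host summary is what you would build in Splunk with a search such as `index=suricata event_type=alert | stats count by src_ip, alert.category, alert.signature` (assuming the Suricata logs land in an index named `suricata`); the beaconing and byte-ratio checks are the kind of follow-up analysis that separates a single noisy signature hit from an actual attacker technique. The thresholds (`min_hits`, `max_cv`, `min_bytes`, `min_ratio`) are illustrative starting points and should be tuned against your own baseline traffic.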

Prerequisites

  • Linux system with Suricata installed (or ready to install)
  • Basic understanding of network protocols (TCP/UDP/HTTP/DNS)
  • Access to Emerging Threats (ET Open) ruleset
  • Splunk instance configured to receive Suricata logs
  • Familiarity with packet flow, IDS concepts, and log analysis

About Trainer

Rajneesh Gupta

Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.

Related Projects

Apache Server Log Analysis using Splunk
Pro Intermediate

Detecting Brute Force, SQL Injection, XSS, and Suspicious Web Activity from Apache Access Logs with Splunk SIEM

Practical AWS Cloud Security Posture Assessment Using Scout Suite
Free Beginner

Identify real-world AWS attack surfaces through visual security posture analysis.

Wazuh + n8n + Anyrun: Automated Malware Analysis
Pro Intermediate

Automate malware analysis by sending Wazuh-detected suspicious files into ANY.RUN, retrieving detailed reports and IOCs, and integrating results back into your SOC workflow.