Day 3 | Splunk SIEM Basics How I Found the Attacker IP in Logs (24 Days of Hacking Challenge)
📝 Description
The video documents Day 3 of a 24 Days of Hacking Challenge, focusing on Splunk Security Information and Event Management (SIEM) basics through a simulated ransomware attack scenario hosted in TryHackMe's Advent of Cyber 2025 lab. It gives step-by-step instructions for a Security Operations Center (SOC) analyst-style investigation, aimed at cybersecurity beginners and people preparing for blue team roles. The procedures covered include ingesting and parsing custom log data, writing queries in Splunk's Search Processing Language (SPL) to filter records, and identifying suspicious network activity.
The techniques demonstrated include working in the Splunk Search & Reporting interface, running index searches such as 'index=main' for initial log exploration, and analyzing web traffic alongside firewall logs. The objective of the exercise is to identify the attacker's Internet Protocol (IP) address through anomaly detection in the collected security data, giving hands-on experience in log analysis and threat hunting.
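As an added illustration (not code from the video or the TryHackMe lab), the Python script below emulates the kind of SPL searches the investigation relies on, run over a handful of constructed web-server and firewall log lines: count 4xx responses by client IP, count firewall denies by source, and flag the IP that appears in both. The IP addresses, paths, timestamps and log formats are made up for the example.

```python
import re
from collections import Counter

# Constructed sample events standing in for what "index=main" returns in the
# lab: a few web-server access log lines and a few firewall log lines.
WEB_LOGS = [
    '10.0.0.5 - - [03/Dec/2025:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.66 - - [03/Dec/2025:10:02:00 +0000] "GET /admin HTTP/1.1" 404 0',
    '203.0.113.66 - - [03/Dec/2025:10:02:01 +0000] "GET /wp-login.php HTTP/1.1" 404 0',
    '203.0.113.66 - - [03/Dec/2025:10:02:02 +0000] "GET /.env HTTP/1.1" 404 0',
    '203.0.113.66 - - [03/Dec/2025:10:02:03 +0000] "POST /upload.php HTTP/1.1" 200 88',
    '10.0.0.5 - - [03/Dec/2025:10:03:10 +0000] "GET /contact HTTP/1.1" 200 770',
]
FW_LOGS = [
    '2025-12-03T10:02:05Z action=deny src=203.0.113.66 dst=10.0.0.20 dport=445',
    '2025-12-03T10:02:06Z action=deny src=203.0.113.66 dst=10.0.0.21 dport=445',
    '2025-12-03T10:03:00Z action=allow src=10.0.0.5 dst=10.0.0.20 dport=443',
]

WEB_RE = re.compile(r'^(\S+) .*?" (\d{3}) ')      # client IP and HTTP status
FW_RE = re.compile(r'action=(\w+) src=(\S+)')      # firewall action and source IP

def web_error_counts(lines):
    """Roughly: index=main sourcetype=web status>=400 | stats count by src_ip"""
    c = Counter()
    for line in lines:
        m = WEB_RE.match(line)
        if m and int(m.group(2)) >= 400:
            c[m.group(1)] += 1
    return c

def fw_deny_counts(lines):
    """Roughly: index=main sourcetype=firewall action=deny | stats count by src"""
    c = Counter()
    for line in lines:
        m = FW_RE.search(line)
        if m and m.group(1) == "deny":
            c[m.group(2)] += 1
    return c

def find_attacker_ip(web_lines, fw_lines, min_web_errors=3):
    """Return the source IP that both probes the web server (many 4xx responses)
    and is blocked by the firewall; None if no IP meets both conditions."""
    web = web_error_counts(web_lines)
    fw = fw_deny_counts(fw_lines)
    candidates = [ip for ip, n in web.items() if n >= min_web_errors and fw.get(ip)]
    return max(candidates, key=lambda ip: web[ip] + fw[ip]) if candidates else None

if __name__ == "__main__":
    print(find_attacker_ip(WEB_LOGS, FW_LOGS))  # 203.0.113.66
```

In Splunk itself the same correlation is a `stats count by src_ip` on each sourcetype followed by a join or a combined search on the shared IP field.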