This project demonstrates the implementation of Sysmon and Splunk Enterprise to monitor, detect, and analyze attack activities in a Windows Active Directory environment.
The lab simulates a brute-force attack from Kali Linux against a Windows domain user account and analyzes the resulting Sysmon and Windows Security logs in Splunk dashboards.
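As an added example (not code from the original project), the following Python script shows the detection logic such a Splunk dashboard surfaces: it groups failed logons (EventCode 4625) by source address, flags a burst above a threshold inside a time window, and notes whether a successful logon (EventCode 4624) from the same source followed the burst. The field names are assumed to match Splunk's Windows Security log extractions, and the events, addresses and times are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def _ev(time, code, user, src):
    # Minimal record in the shape Splunk extracts from WinEventLog:Security
    # (field names assumed; values below are constructed, not real lab data).
    return {"_time": time, "EventCode": code,
            "Account_Name": user, "Source_Network_Address": src}


# Constructed sample: five failures in 40 seconds from one host, then a success.
SAMPLE_EVENTS = [_ev(f"2024-01-01T10:00:{s:02d}", 4625, "jsmith", "192.168.10.250")
                 for s in range(0, 50, 10)]
SAMPLE_EVENTS += [
    _ev("2024-01-01T10:01:00", 4624, "jsmith", "192.168.10.250"),  # logon after burst
    _ev("2024-01-01T10:02:00", 4625, "alice", "192.168.10.20"),    # benign single typo
]


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source: alert} for sources with >= threshold failed logons
    (4625) inside `window`. Roughly what a Splunk search such as
    `EventCode=4625 | stats count by Source_Network_Address` shows on a
    dashboard, plus a check for a later 4624 from the same source."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: datetime.fromisoformat(e["_time"])):
        by_src[e["Source_Network_Address"]].append(e)

    alerts = {}
    for src, evs in by_src.items():
        fails = [datetime.fromisoformat(e["_time"]) for e in evs if e["EventCode"] == 4625]
        for i in range(len(fails)):
            j = i
            while j < len(fails) and fails[j] - fails[i] <= window:  # sliding window
                j += 1
            if j - i >= threshold:
                burst_end = fails[j - 1]
                success = any(e["EventCode"] == 4624 and
                              datetime.fromisoformat(e["_time"]) >= burst_end for e in evs)
                accounts = sorted({e["Account_Name"] for e in evs if e["EventCode"] == 4625})
                alerts[src] = {"failures": j - i, "accounts": accounts,
                               "success_after_burst": success}
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for src, alert in detect_brute_force(SAMPLE_EVENTS).items():
        print(src, alert)
```

A source whose burst is followed by a 4624 is the one to triage first, since it indicates the guessed password worked.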
Lab environment:
- Windows 10 (Domain Client)
- Windows Server (AD DC)
- Ubuntu Server (Splunk Enterprise)
- Kali Linux (Attacker)
- VirtualBox (NAT Network)
Tools used:
- Splunk Enterprise
- Splunk Universal Forwarder
- Sysmon
- Kali Linux
- xfreerdp
This project is created for educational and authorized lab purposes only.
