I finally completed this project! 🥳🥳 This was an amazing project to get hands-on with and troubleshoot. Can't wait to play around more later. Thanks Day!
Great video! I’ve been looking for someone to go through the process at a steady pace and you have done a excellent job of that. I will definitely be keeping an eye out for newer videos. Keep it up!
Hi there, I installed the universal forwarder on windows, installed the microsoft TA too, currently I am able to capture Registry logs but in the logs i receive in splunk indexer, the user who did the action is not in the logs. can you help me pls?
How are you connected to the wifi in the Domain Controller? I've done everything you have so far but I have no wifi, so I can't install universal forwarder
I managed to fix it. You have to create a firewall rule on your pfsense interface to allow connections from that machine. 1. Go to your pfsense web interface from your kali machine as shown in previous videos 2. After logging in, at the top bar, go to "Firewall" and then "Rules" from the dropdown. 3. Select the network where your Domain controller is. In my case it was "Organization Network." 4. Click the "Add" button at the bottom with the arrow pointing downwards. 5. Change these settings: Action -> Pass, Protocol -> Any, Source -> Any, Destination -> Any. 6. Click save and finally Apply changes at the top. That should give internet access to the machines you want.
I had the same issue too. I had to copy the inputs.conf file from C:\ProgramFiles\SplunkUniversalForwarder\etc\system\default and paste it at C:\ProgramFiles\SplunkUniversalForwarder\etc\system\local. Hope that helps
I finally completed this project! 🥳🥳 This was an amazing project to get hands-on with and troubleshoot. Can't wait to play around more later. Thanks Day!
Great video! I’ve been looking for someone to go through the process at a steady pace and you have done a excellent job of that. I will definitely be keeping an eye out for newer videos. Keep it up!
Great video
Awesome video! I've been trying to figure out how this worked
Glad to help!
Do you know anything about Threat Intelligence Analysts by any chance in terms of like a home lab?
Thank you wonderful person!
Thanks!
You're welcome!
After doing lab setup how we can see AD logs like creation of user or adding to group in splunk...
Generate it by performing those attacks 🙂
Hi there, I installed the universal forwarder on windows, installed the microsoft TA too, currently I am able to capture Registry logs but in the logs i receive in splunk indexer, the user who did the action is not in the logs. can you help me pls?
Thanks Man ✌
I couldn't connect to the wifi in the Domain Controller. I've done everything you have so far but I have no wifi. Any suggestions?
Same problem. Did you fix it?
@@mustafanoorzaiy4447 see the reply
can we use in collect to forward logs to splunk
nice bro!
Thanks dude!
How are you connected to the wifi in the Domain Controller? I've done everything you have so far but I have no wifi, so I can't install universal forwarder
got the same issue. were u able to fix it?
@@charlesbutawan2034 I had the same issue and I missed the part where I was supposed to change the domain vm network adapter to vmnet3.
@@kentrelaustin7196 i changed it already but i still get the same issue :/
@@charlesbutawan2034 did you fix it ?
I managed to fix it. You have to create a firewall rule on your pfsense interface to allow connections from that machine.
1. Go to your pfsense web interface from your kali machine as shown in previous videos
2. After logging in, at the top bar, go to "Firewall" and then "Rules" from the dropdown.
3. Select the network where your Domain controller is. In my case it was "Organization Network."
4. Click the "Add" button at the bottom with the arrow pointing downwards.
5. Change these settings: Action -> Pass, Protocol -> Any, Source -> Any, Destination -> Any.
6. Click save and finally Apply changes at the top.
That should give internet access to the machines you want.
Thanks so much for this. Could you share your steps with me
i didn't find the AD in the splunk forworder
same issue
Mine just took a while before showing up. Also refreshed the web page.
HELP, I can't see the "local event logs" option in my splunk interface. From 12:45
I had the same issue too. I had to copy the inputs.conf file from C:\ProgramFiles\SplunkUniversalForwarder\etc\system\default and paste it at C:\ProgramFiles\SplunkUniversalForwarder\etc\system\local. Hope that helps