https://community.splunk.com/t5/Splunk-Dev/Datasets-Bruteforce-and-internal-scanning/m-p/498899#M8976 <P>I tried to find some specific datasets for scan attacks and brute force, maybe some of the following will help you.</P> <P><A href="https://www.unb.ca/cic/datasets/ids-2017.html">https://www.unb.ca/cic/datasets/ids-2017.html</A><BR /> <A href="https://www.secrepo.com/">https://www.secrepo.com/</A></P> <P>There is also some datasets from Splunk Boss of the SOC ctf, which contains a lot of security related logs:<BR /> <A href="https://github.com/splunk/botsv1">https://github.com/splunk/botsv1</A><BR /> <A href="https://github.com/splunk/botsv2">https://github.com/splunk/botsv2</A> </P> <P>If you want or need to generate real-time events you can try the Eventgen app:<BR /> <A href="https://splunkbase.splunk.com/app/1924/">https://splunkbase.splunk.com/app/1924/</A></P> <P>Also, I would suggest you to try generating your own datasets, since some of those logs are not hard to get, as an example, Windows authentication events can be collected directly from your workstation, and to use the query in the video a small amount of logs would be enough.</P> Thu, 28 Nov 2019 23:56:12 GMT alonsocaio 2019-11-28T23:56:12Z https://community.splunk.com/t5/Splunk-Dev/Datasets-Bruteforce-and-internal-scanning/m-p/498898#M8975 <P>Hi I'm very new to splunk and would like to setup a demo and show how brute force attacks and internal network scanning is being detected by splunk. </P> <P>I will use this tutorial: <A href="https://www.youtube.com/watch?v=x78lcsWPPW8">https://www.youtube.com/watch?v=x78lcsWPPW8</A> and </P> <P>I'm looking for one dataset of a brute force attack and one dataset of internal network scanning, I want to import those datasets.<BR /> (Not live data)</P> <P>Where can I find such datasets?</P> Thu, 28 Nov 2019 15:04:12 GMT https://community.splunk.com/t5/Splunk-Dev/Datasets-Bruteforce-and-internal-scanning/m-p/498898#M8975 bouncingbubble 2019-11-28T15:04:12Z https://community.splunk.com/t5/Splunk-Dev/Datasets-Bruteforce-and-internal-scanning/m-p/498899#M8976 <P>I tried to find some specific datasets for scan attacks and brute force, maybe some of the following will help you.</P> <P><A href="https://www.unb.ca/cic/datasets/ids-2017.html">https://www.unb.ca/cic/datasets/ids-2017.html</A><BR /> <A href="https://www.secrepo.com/">https://www.secrepo.com/</A></P> <P>There is also some datasets from Splunk Boss of the SOC ctf, which contains a lot of security related logs:<BR /> <A href="https://github.com/splunk/botsv1">https://github.com/splunk/botsv1</A><BR /> <A href="https://github.com/splunk/botsv2">https://github.com/splunk/botsv2</A> </P> <P>If you want or need to generate real-time events you can try the Eventgen app:<BR /> <A href="https://splunkbase.splunk.com/app/1924/">https://splunkbase.splunk.com/app/1924/</A></P> <P>Also, I would suggest you to try generating your own datasets, since some of those logs are not hard to get, as an example, Windows authentication events can be collected directly from your workstation, and to use the query in the video a small amount of logs would be enough.</P> Thu, 28 Nov 2019 23:56:12 GMT https://community.splunk.com/t5/Splunk-Dev/Datasets-Bruteforce-and-internal-scanning/m-p/498899#M8976 alonsocaio 2019-11-28T23:56:12Z https://community.splunk.com/t5/Splunk-Dev/Datasets-Bruteforce-and-internal-scanning/m-p/498900#M8977 <P>Please tell me what you did later.</P> Fri, 29 Nov 2019 12:36:22 GMT https://community.splunk.com/t5/Splunk-Dev/Datasets-Bruteforce-and-internal-scanning/m-p/498900#M8977 to4kawa 2019-11-29T12:36:22Z