Splunk Dev

Datasets: Bruteforce and internal scanning

bouncingbubble
New Member

Hi I'm very new to splunk and would like to setup a demo and show how brute force attacks and internal network scanning is being detected by splunk.

I will use this tutorial: https://www.youtube.com/watch?v=x78lcsWPPW8 and

I'm looking for one dataset of a brute force attack and one dataset of internal network scanning, I want to import those datasets.
(Not live data)

Where can I find such datasets?

0 Karma

to4kawa
Ultra Champion

Please tell me what you did later.

0 Karma

alonsocaio
Contributor

I tried to find some specific datasets for scan attacks and brute force, maybe some of the following will help you.

https://www.unb.ca/cic/datasets/ids-2017.html
https://www.secrepo.com/

There is also some datasets from Splunk Boss of the SOC ctf, which contains a lot of security related logs:
https://github.com/splunk/botsv1
https://github.com/splunk/botsv2

If you want or need to generate real-time events you can try the Eventgen app:
https://splunkbase.splunk.com/app/1924/

Also, I would suggest you to try generating your own datasets, since some of those logs are not hard to get, as an example, Windows authentication events can be collected directly from your workstation, and to use the query in the video a small amount of logs would be enough.

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...