- [Part 3] Building a Threat Integration and Testing Lab – Splunk Enterprise
- [Part 2] Building a Threat Integration and Testing Lab – Elastic Cloud Enterprise (On-Premises)
- [Part 1] Building a Threat Integration and Testing Lab
For this article and the subsequent articles, I will be talking through the installation, configuration, and integration components involved in building an integrated threat intelligence and incident response lab. The primary purpose of this lab is to be able to replay malicious attack data into a SIEM environment (Splunk and Elastic will be used) and then generate appropriate alerts and actions within those SIEMs for an analyst to action. In addition, both SIEMs will integrate MISP as a Threat Intelligence Platform to consume enriched intelligence and to store and process newly generated intelligence from the lab.