Splunk

  • Category: Project
  • Client: ASU Cybersecurity Bootcamp
  • Project date: October 2023

Creating Dashboards and Alerts for Fictional Organization

I was tasked with reviewing data after an attack and identifying the time, accounts, and methods used during the attack. In reviewing the data, I also determined thresholds from various data points (account status, login attempts, etc.) and used them to set alerts that notify security personnel of any activity above normal levels. To do this, I started by importing data and logs into Splunk. Once the data was in Splunk, I used queries and search strings to analyze it and determine the thresholds, including identifying which accounts were used, the specific times when the attack occurred, and what the attackers were targeting. I was also able to determine the origin country of the attack using Splunk.
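The threshold-and-alert logic described above, as an added example that is not the project's own Splunk searches: it counts failed logins per hour and account over constructed sample log lines, derives an alert threshold from the normal level, flags the buckets above it, and tallies failures by origin country. The log format, field names, user names and countries are all assumptions made for the example.

```python
"""Baseline-and-threshold alerting on failed logins (added example, not the
original project's code). Mirrors a Splunk search that counts failures per
hour and user, derives a threshold from the normal level, and flags buckets
above it. All log data below is constructed."""
from collections import Counter
from statistics import mean, pstdev

# Constructed sample events, one per line: "<timestamp> <user> <result> <country>"
_USERS = ["alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi"]
SAMPLE_LOG = "\n".join(
    # hours 01-08: one failed login each, the normal background level
    [f"2023-10-01T{h:02d}:15:00 {u} failure US" for h, u in enumerate(_USERS, 1)]
    # hour 09: two failures for alice, then a success (ignored by the counts)
    + ["2023-10-01T09:05:00 alice failure US",
       "2023-10-01T09:40:00 alice failure US",
       "2023-10-01T09:41:00 alice success US"]
    # hour 10: twelve failures against "admin" from one foreign source
    + [f"2023-10-01T10:{m:02d}:00 admin failure RU" for m in range(0, 36, 3)]
)

def parse_events(log):
    """Split raw lines into dicts; 'hour' is the timestamp cut at the hour."""
    events = []
    for line in log.splitlines():
        ts, user, result, country = line.split()
        events.append({"hour": ts[:13], "user": user, "result": result, "country": country})
    return events

def failures_per_hour(events):
    """Like SPL `stats count by hour, user`, restricted to failed logins."""
    counts = Counter()
    for e in events:
        if e["result"] == "failure":
            counts[(e["hour"], e["user"])] += 1
    return counts

def alert_buckets(events, k=2.0):
    """Return (flagged buckets, threshold). Threshold = mean + k * stdev of the
    per-bucket failure counts, the way an eventstats-derived baseline works.
    The spike is part of its own baseline, so a very large k would hide it."""
    counts = failures_per_hour(events)
    values = list(counts.values())
    limit = mean(values) + k * pstdev(values)
    flagged = sorted((h, u, n) for (h, u), n in counts.items() if n > limit)
    return flagged, limit

def failures_by_country(events):
    """Like SPL `stats count by country` on failures, for origin attribution."""
    return Counter(e["country"] for e in events if e["result"] == "failure")
```

With the sample data the threshold lands near 8.8 failures per hour, so only the twelve-attempt burst against "admin" is flagged while alice's two failures in hour 09 stay below it.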