1 00:00:08,700 --> 00:00:13,440 All right, so we went ahead and set up our PowerShell logging, which we finalized in the last lecture.
2 00:00:13,830 --> 00:00:19,250 Now we're just going to download this Universal Forwarder, so the configuration can take a couple of steps.
3 00:00:19,260 --> 00:00:21,640 We're not going to get all that done in this particular passage.
4 00:00:22,020 --> 00:00:24,530 But, you know, I just want to kind of give you an overview of what Splunk is.
5 00:00:24,990 --> 00:00:28,670 So this is our security information and event management system.
6 00:00:29,430 --> 00:00:32,370 So, Splunk Enterprise.
7 00:00:32,720 --> 00:00:33,620 This is a paid product.
8 00:00:33,990 --> 00:00:36,660 So we're going to use the trial version of that. What it lets you do:
9 00:00:36,660 --> 00:00:41,310 it lets you search, you can analyze, you can visualize all the data that's coming in from all the
10 00:00:41,310 --> 00:00:42,690 components of your infrastructure.
11 00:00:43,170 --> 00:00:46,380 And you take the data from all of your applications, all your devices, anything
12 00:00:46,380 --> 00:00:49,070 that's on the network, it gets funneled into this box.
13 00:00:49,080 --> 00:00:50,670 So it's really, really cool.
14 00:00:50,940 --> 00:00:54,530 And what we're going to do is we're going to download the Universal Forwarder.
15 00:00:54,960 --> 00:00:59,730 So if we go to Products and then our Free Trials and Downloads, we can grab this.
16 00:00:59,850 --> 00:01:03,810 And the forwarder is kind of a trimmed-down version of this Splunk Enterprise instance.
17 00:01:03,870 --> 00:01:06,150 And it just forwards data to another Enterprise.
18 00:01:06,150 --> 00:01:12,210 And it's really, it's just a way of shipping logs from an endpoint you want to monitor to the SIEM so
19 00:01:12,210 --> 00:01:15,780 that you can perform analytics, correlations and all kinds of analysis.
20 00:01:16,230 --> 00:01:18,510 What we could do is scroll down here.
21 00:01:21,880 --> 00:01:26,330 And click Download Now for the Universal Forwarder. You can see here what it does, right?
22 00:01:27,220 --> 00:01:29,920 This is how you send data to Splunk Enterprise.
23 00:01:32,490 --> 00:01:33,320 All right, very cool.
24 00:01:33,340 --> 00:01:34,530 Let's get the latest version.
25 00:01:36,020 --> 00:01:39,650 All right, so if you don't have an account, you can create one here. It's free to create an account,
26 00:01:39,650 --> 00:01:41,460 but you'll need that in order to get the Universal Forwarder.
27 00:01:41,870 --> 00:01:43,130 I'm just going to log in with mine.
28 00:01:54,630 --> 00:01:58,350 All right, so now what we're going to do is find Windows. We've got Windows here, so we're going
29 00:01:58,350 --> 00:02:00,750 to get the 64-bit version right here.
30 00:02:00,780 --> 00:02:01,830 Let's go out and grab that.
31 00:02:04,590 --> 00:02:09,210 All right, and let's see if we can also get a wget. Let's click here.
32 00:02:10,480 --> 00:02:12,460 All right, so we got this wget.
33 00:02:14,270 --> 00:02:17,450 Got this copied to the clipboard, and let's see if we can run it.
34 00:02:19,900 --> 00:02:20,620 PowerShell.
35 00:02:29,800 --> 00:02:36,250 So Windows actually doesn't include a full command for wget. There is no wget-like command for Windows,
36 00:02:36,250 --> 00:02:36,520 right?
37 00:02:37,210 --> 00:02:39,580 But it does exist here, right.
38 00:02:39,880 --> 00:02:40,900 So let me show you what's going on.
39 00:02:44,090 --> 00:02:50,410 We do Get-Command, or gcm, which is an alias for Get-Command.
40 00:02:51,400 --> 00:02:53,950 I can type -CommandType Alias.
41 00:02:55,150 --> 00:03:02,800 And I can see all the aliases in PowerShell. If I add the name and I put wget, you can see that it
42 00:03:02,800 --> 00:03:06,220 is actually an alias for Invoke-WebRequest, right.
43 00:03:07,210 --> 00:03:11,620 So really what we're doing is running Invoke-WebRequest under the hood.
44 00:03:13,780 --> 00:03:16,680 And so you could just do this part directly and run it.
45 00:03:16,690 --> 00:03:17,580 But we don't need to do that.
46 00:03:17,830 --> 00:03:21,720 So I just want to show you, kind of show you, you know, how it is working here.
47 00:03:22,180 --> 00:03:22,550 Clear.
48 00:03:23,340 --> 00:03:23,920 So let's right-click
49 00:03:23,920 --> 00:03:27,880 inside the window and paste it in, and press Enter.
50 00:03:30,140 --> 00:03:33,190 All right, we're going to let this download. When it's done, we'll be able to install it.
51 00:03:34,480 --> 00:03:36,670 So it looks like this finished. Sweet.
52 00:03:42,660 --> 00:03:47,040 So let's see if we can find the MSI package. We've got it right there.
53 00:03:47,760 --> 00:03:49,920 So can we find a move operation?
54 00:03:52,820 --> 00:03:53,880 Move-Item.
55 00:03:55,280 --> 00:03:59,840 So can we say Move-Item -Path?
56 00:04:00,830 --> 00:04:03,830 Can we just, like, move it to a target destination?
57 00:04:03,840 --> 00:04:04,250 Let's see.
58 00:04:09,110 --> 00:04:10,820 Second... I think it did.
59 00:04:16,470 --> 00:04:17,040 Very cool.
60 00:04:17,190 --> 00:04:18,480 So now we can run this MSI.
61 00:04:23,620 --> 00:04:27,280 And I know that was kind of fast, but I'll show you how to use PowerShell in future lessons, so don't
62 00:04:27,280 --> 00:04:29,200 worry about it, at least not right now.
63 00:04:29,770 --> 00:04:33,430 So we're not going to be able to set this up completely, because we don't have the Splunk Enterprise
64 00:04:33,430 --> 00:04:34,570 server set up completely yet.
65 00:04:34,950 --> 00:04:36,640 But what we're going to do is go as far as we can.
66 00:04:37,530 --> 00:04:42,960 So we're going to set up an on-premises Enterprise instance, we'll say Customize Options, we'll keep
67 00:04:42,960 --> 00:04:44,070 it in the default directory.
68 00:04:46,890 --> 00:04:53,790 We're not going to worry about certificates for a lab, and we'll install it as Local System, and whether
69 00:04:53,790 --> 00:04:59,770 we want to log Application, Security, and the System log. The Setup log is also a good idea.
70 00:05:01,050 --> 00:05:02,130 You don't need all this other stuff.
71 00:05:02,130 --> 00:05:03,420 It just creates way too much noise.
72 00:05:05,010 --> 00:05:07,640 So now we need to create an account for the Universal Forwarder.
73 00:05:07,740 --> 00:05:09,450 So I'm just going to create a default account.
74 00:05:15,100 --> 00:05:15,810 Looks good.
75 00:05:17,900 --> 00:05:22,580 We don't have a deployment server, but we are going to have a receiving indexer, so let's just keep
76 00:05:22,580 --> 00:05:23,780 this the way it is for now.
77 00:05:24,140 --> 00:05:27,650 And what we're going to do now is we're going to build out our second PC, which is going to be, like,
78 00:05:27,650 --> 00:05:28,070 a clone.
79 00:05:28,320 --> 00:05:30,470 Our second PC is going to be just like our first PC.
80 00:05:30,830 --> 00:05:36,290 You know, we're going to set up the logging, all the stuff that we did for, you know, Sysmon,
81 00:05:36,290 --> 00:05:37,130 the PowerShell logging.
82 00:05:37,130 --> 00:05:38,390 We just need to do that one more time.
83 00:05:38,690 --> 00:05:39,660 And it's good practice.
84 00:05:39,680 --> 00:05:43,070 You know, you want to, you want to repeat, because the more you repeat these things, the better
85 00:05:43,070 --> 00:05:47,420 you'll get at understanding, you know, exactly how your systems are instrumented and how they're set
86 00:05:47,420 --> 00:05:47,610 up.
87 00:05:48,080 --> 00:05:53,000 So what I want you to do at this point is build your second PC, and then in the next lecture, you know,
88 00:05:53,000 --> 00:05:57,050 once you're done with that, start the next lecture, which is when we will set up our Windows Server
89 00:05:57,050 --> 00:05:58,700 2019 domain controller.
90 00:05:59,000 --> 00:06:02,600 And by the way, don't forget to take a snapshot of this right now.
91 00:06:02,610 --> 00:06:04,250 So actually, Ctrl+Alt to escape.
92 00:06:05,120 --> 00:06:08,870 And we can go here and we can say Take Snapshot:
93 00:06:15,830 --> 00:06:18,770 "About to install this Universal Forwarder."
94 00:06:20,440 --> 00:06:23,950 Take Snapshot, and you can see down here the snapshot state.
95 00:06:29,740 --> 00:06:34,810 Right now, the snapshot state is set, so we should be good. And you may be tempted to open
96 00:06:34,810 --> 00:06:38,360 the library and, like, right-click and then try to copy the VM or clone it.
97 00:06:38,950 --> 00:06:43,840 Don't do that, because for Windows, it, you know, Windows has, like, unique GUIDs and SIDs, and you're going
98 00:06:43,840 --> 00:06:48,040 to have, like, duplicate objects when we join them to the domain a little bit later.
99 00:06:48,040 --> 00:06:49,020 So we don't want to do that.
100 00:06:49,030 --> 00:06:53,260 So you just have to manually go through the process of recreating the PC, you know, create the PC,
101 00:06:53,260 --> 00:06:55,720 set up all the logging and everything else that you've learned so far.
102 00:06:56,080 --> 00:07:00,870 Then come back and we'll start the next lecture, which is setting up our domain controller.
103 00:07:01,120 --> 00:07:03,790 So I'll see you guys in the next lecture. Bye.