This lab simulates a real-world Active Directory attack-and-detection environment for practicing SOC operations, threat detection, and incident investigation using Splunk SIEM, Sysmon, and Atomic Red Team.
The environment models an enterprise Windows domain that is actively attacked by an external adversary machine, while all security-relevant events are centrally collected and analyzed in Splunk.
Table of Contents
