How I Built an Enterprise SOC Detection Lab and Detected Realistic Attacks with Splunk and Sysmon
A walkthrough of building a 3-VM Active Directory lab, simulating real attacks from Kali Linux, and writing detection rules that fired on…