Splunk Ain't No Junk
Many Sides of Crowley
You, Me, and VSP
ECU, PPOA, AND Cracker Barrel
Miscellaneous
100

Before and after. If index is before, what comes after index in a Splunk query? According to the VSP Runbook?

Index= or  equals

100

15 Minutes to respond working. How long to respond if no Incident #

One hour

100

I know you, you know me, what does VSP mean

Vision Service Plan

100

ICU is Intensive Care Unit, Explain ECU meaning

Elevations Credit Union

100

IPSOS Related

Multiple Login Failures (Windows Event) keep it or sweep it 

Keep if Windows remove if Unix

200

Many organizations use Splunk. Name the one's we partner with utilizing Splunk

Cracker Barrel and VSP

200
Locked out of your car call Triple A. Locked out of your 9account how do you get back in to play?
200

Distro's, Distro's, Distro's, which one to use to send information to the customer 

Lumen IR

200

Hey, Hey, what is PPOA

Physicians Partners of America 

200

IPSOS Related

To dot or not to dot explain correct obfuscation for IPSOS URL

[.]

300

 State how to check a user's  start date

Click on the LDAP 

300

Boulders to rocks, rocks to gravel who do we call in an Impossible Travel

Crowley Service Desk 1-866-287-3366

300

Hide and seek to find who is on call for VSP on the VSP side. State where do you go to get that information.

VSP PORTAL VICTOROPS TO SEE WHO IS ON CALL

https://portal.victorops.com/membership/#/sso

300

ECU Related

911 operators are always on call. Name three people we could possibly call if a HIGH Alert may fall.

Philip Lawrence, James Washington, Joe Gerard, Anthony Fittipaldi , Wade Lind

300

Training, Training, Training name the lady that did our COPA Training

Dianne Smeigh

400

Feature is more than a film. Name two features of Splunk?


  • Collect and Index Data. Splunk collects data from virtually any source and location. ...
  • Workload Management. ...
  • Search, Analyze and Visualize. ...
  • Monitor, Alert and Report. ...
  • Machine Learning Toolkit (MLTK) ...
  • Apps and Premium Solutions.
400

Birthdays and Weddings have cake, surprise us and explain how to obfuscate --- a url link in Crowley

<DOT>

400

You use it every time you log into Chronicle SOAR. Explain the definition of SAML

Security Assertion Markup Language

Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider

400

Cracker Barrel Related

Four minus two is two. Name two of the four file server access alerts

HRIS/Comp/PromotionProcess Accessed

Activity alert for the Payroll Directory

I9 Discrepancy Reports Accessed

Executive Compensation Accessed

400

This is ECU Related

If Lumen Tier 2 has to reach out name who they would reach out to at ECU.

Chris strickland or Justin Mullen

500

For 5, name the three modes in Splunk

Fast, Smart, Verbose

500

Default Template is DT, Tell us what's the meaning of KB in KB0045079

What is Knowledge Base

500

For 5 name three of the six Keith Dashboard searches in splunk.

keithSEC: AID Activity Search

keithSEC: Domain Activity Search

keithSEC: Hostname Activity Search

keithSEC: IP Activity Search

keithSEC: Lookup Table Activity Search

keithSEC: User Activity Search


500

PPOAYYY; write or not to write for swc-cxt-update

Do not write svc-ctx-updater is the correct spelling

These alerts are for CB agent rollout via citrix/powershell

500

Cracker Barrel Related

To escalate or not to escalate? Name three reasons we DO NOT Escalate. Onelogin Login Risk Score Exceeded

Do not escalate if the following:

  • If user has a start date within 30 days
  • If there are less than 10 login attempts
  • If you see Lebanon, Tennessee in the Reasons field.
  • If the user agent is "python-requests/2.25.1" or higher versions of python AND the IP is in the 104.219.88.0 - 104.219.95.255 range