Course Overview
This 13.5-hour course prepares architects and systems administrators to install and configure Splunk Enterprise Security (ES). It covers ES event processing and normalization, deployment requirements, technology add-ons, dashboard dependencies, data models, managing risk, and customizing threat intelligence.
What are the skills covered
- Examine how ES functions, including data models, correlation searches, notable events and dashboards
- Create custom correlation searches
- Customize the Investigation Workbench
- Learn how to install or upgrade ES
- Learn the steps for setting up inputs using technology add-ons
- Fine-tune ES Global Settings
- Customize risk and configure threat intelligence
Who should attend this course
- SOC Analyst
- SOC Engineer
Course Curriculum
What are the Prerequisites
To be successful, students must have completed the following Splunk Education course:
- Using Splunk Enterprise Security
Students should also be familiar with the topics covered in the following courses:
- Intro to Splunk
- Using Fields
- Visualizations
- Search Under the Hood
- Intro to Knowledge Objects
- Creating Knowledge Objects
- Creating Field Extractions
- Enriching Data with Lookups
- Data Models
- Introduction to Dashboards
- Splunk Enterprise System Administration AND Splunk Enterprise Data Administration OR Splunk Cloud Administration
Course Modules
Exam & Certification
This course is not associated with any Certification.





