Overview

This 13.5 hour course prepares architects and systems administrators to install and configure Splunk Enterprise Security (ES). It covers ES event processing and normalization, deployment requirements, technology add-ons, dashboard dependencies, data models, managing risk, and customizing threat intelligence.

Skills Covered

  • Examine how ES functions including data models, correlation searches, notable events and dashboards
  • Create custom correlation searches
  • Customize the Investigation Workbench
  • Learn how to install or upgrade ES
  • Learn the steps to setting up inputs using technology add-ons
  • Fine tune ES Global Settings
  • Customize risk and configure threat intelligence

Who Should Attend

Everyone can attend.

Course Curriculum

Prerequisites

To be successful, students should have a solid understanding of the following:

  • Splunk Enterprise System Administration
  • Splunk Enterprise Data Administration

OR the following single-subject courses:

  • What Is Splunk?
  • Intro to Splunk
  • Using Fields
  • Scheduling Reports and Alerts
  • Visualizations
  • Leveraging Lookups and Subsearches
  • Search Under the Hood
  • Introduction to Knowledge Objects
  • Creating Knowledge Objects
  • Creating Field Extractions
  • Enriching Data with Lookups
  • Data Models
  • Introduction to Dashboards
  • Dynamic Dashboards

Students should also have completed the following courses:

  • Splunk System Administration
  • Splunk Data Administration

Download Syllabus

Course Modules