Overview
This 13.5-hour course prepares architects and systems administrators to install and configure Splunk Enterprise Security (ES). It covers ES event processing and normalization, deployment requirements, technology add-ons, dashboard dependencies, data models, managing risk, and customizing threat intelligence.
Skills Covered
- Examine how ES functions, including data models, correlation searches, notable events and dashboards
- Create custom correlation searches
- Customize the Investigation Workbench
- Learn how to install or upgrade ES
- Learn the steps for setting up inputs using technology add-ons
- Fine-tune ES Global Settings
- Customize risk and configure threat intelligence
Who Should Attend
Everyone can attend.
Course Curriculum
Prerequisites
To be successful, students should have a solid understanding of the following:
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
OR the following single-subject courses:
- What Is Splunk?
- Intro to Splunk
- Using Fields
- Scheduling Reports and Alerts
- Visualizations
- Leveraging Lookups and Subsearches
- Search Under the Hood
- Introduction to Knowledge Objects
- Creating Knowledge Objects
- Creating Field Extractions
- Enriching Data with Lookups
- Data Models
- Introduction to Dashboards
- Dynamic Dashboards
Students should also have completed the following courses:
- Splunk System Administration
- Splunk Data Administration
Course Modules
Exam & Certification
This course is not associated with any Certification.