Access data-driven insights, combat threats, protect your business and mitigate risk at scale with analytics you can act on.

If you’re looking for a powerful and comprehensive security solution, look no further than Splunk Enterprise Security. This robust platform offers everything you need to protect your data and keep your business safe.

Splunk Enterprise Security is designed to help you quickly identify and respond to security threats. It includes a wide range of features that make it easy to deploy and manage, while also providing the flexibility to customize it to your specific needs.

The platform offers comprehensive event processing and normalization capabilities, making it easy to consolidate data from multiple sources and get the big picture view of your security posture. It also includes a number of add-ons and technologies that enhances its functionality, such as dashboard dependencies, data models, and threat intelligence.

If you’re responsible for installing and configuring Splunk Enterprise Security, this 13.5 hour course is a must-take. You’ll learn all about event processing and normalization, deployment requirements, technology add-ons, dashboard dependencies, data models, managing risk, and customizing threat intelligence. This is critical information that will help you make the most of Splunk Enterprise Security and keep your organization safe.

Don’t miss out – enroll today!

Overview

This 13.5 hour course prepares architects and systems administrators to install and configure Splunk Enterprise Security (ES). It covers ES event processing and normalization, deployment requirements, technology add-ons, dashboard dependencies, data models, managing risk, and customizing threat intelligence.

Skills Covered

  • Examine how ES functions including data models, correlation searches, notable events and dashboards
  • Create custom correlation searches
  • Customize the Investigation Workbench
  • Learn how to install or upgrade ES
  • Learn the steps to setting up inputs using technology add-ons
  • Fine tune ES Global Settings
  • Customize risk and configure threat intelligence

Prerequisites

To be successful, students should have a solid understanding of the following:

  • Splunk Enterprise System Administration
  • Splunk Enterprise Data Administration

OR the following single-subject courses:

  • What Is Splunk?
  • Intro to Splunk
  • Using Fields
  • Scheduling Reports and Alerts
  • Visualizations
  • Leveraging Lookups and Subsearches
  • Search Under the Hood
  • Introduction to Knowledge Objects
  • Creating Knowledge Objects
  • Creating Field Extractions
  • Enriching Data with Lookups
  • Data Models
  • Introduction to Dashboards
  • Dynamic Dashboards

Students should also have completed the following courses:

  • Splunk System Administration
  • Splunk Data Administration

Target Audience

Everyone can attend.

Course Curriculum

Module 1: Introduction to Enterprise Security

  • Explain the function of a SIEM
  • Give an overview of Splunk’s Enterprise Security (ES)
  • Describe detections and findings
  • Configure ES roles and permissions
  • Give an overview of ES navigation

Module 2: Customizing the Analyst Queue and findings

  • Give an overview of the Analyst Queue
  • Create and use Analyst Queue Views
  • Customize the Analyst Queue
  • Modify Urgency
  • Create new Status values
  • Add fields to Finding attributes
  • Create ad hoc Findings
  • Suppress Findings

Module 3: Working with Investigations

  • Give an overview of an investigation
  • Use and create Response Plans
  • Add Splunk events to an investigation
  • Use Playbooks and Actions

Module 4: Asset & Identity Management

  • Review the Asset and Identity Management interface
    Describe Asset and Identity KV Store collections
    Configure and add asset and identity lookups to the interface
    Configure settings and fields for asset and identity lookups
    Explain the asset and identity merge process
    Describe the process for retrieving LDAP data for an asset or identity lookup

Module 5: Data Normalization

  • Understand how ES uses accelerated data models
  • Verify data is correctly configured for use in ES
  • Validate normalization configurations
  • Install additional add-ons
  • Ingest custom data in ES
  • Create an add-on for a custom sourcetype
  • Describe add-on troubleshooting

Module 6: Detection Engineering

  • Give an overview of how to create Event-based detections
  • Review the Detection Editor
  • Give an overview of how to create Finding-based detections

Module 7: Risk-Based Alerting

  • Give an overview of Risk-Based Alerting (RBA)
  • Explain risk scores and how they can be changed by detections or manually
  • Review the Risk analysis dashboard
  • Understand Finding-based detections
  • Describe annotations
  • View risk information in Analyst Queue findings

Module 8: Managing Threat Intelligence

  • Understand and configure threat intelligence
  • Use the Threat Intelligence interface to configure threat lists
  • Configure new threat lists

Module 9: Post-Deployment Configuration

  • Give an overview of general ES install requirements
  • Explain the different add-ons and where they are installed
  • Provide ES pre-installation requirements
  • Describe the Splunk_TA_ForIndexers app and where it is installed
  • Set general configuration options
  • Configure local and cloud domain information
  • Work with the Incident Review KV Store
  • Customize navigation
  • Configure Key Indicator searches

Dates & Locations

Let’s make it work for you

Can’t find a date that fits? Need to train your whole team? Looking for a discount?
Speak to one of our learning experts today.

x Clear all selections

July 6, 2026 - July 8, 2026

Location: Online
Modal: VILT
Availability: TBC
RM 7050
Trainocate exam and cert

Exam & Certification

#N/A

Training & Certification Guide

Frequently Asked Questions

Splunk is a powerful tool for analyzing and visualizing data from a variety of sources, including log files, application data, and network traffic. It can be used to troubleshoot issues, detect security threats, and gain insights into the performance and usage of systems and applications.

There are several reasons why learning Splunk might be beneficial:

  • Demand for Splunk skills is high: Splunk is widely used in a variety of industries, and there is a high demand for professionals with Splunk skills
  • Splunk can be used to solve complex problems: Splunk’s advanced search and analysis capabilities allow you to quickly identify and resolve issues, which can save time and resources
  • Splunk can improve efficiency: Splunk allows you to automate the collection, analysis, and visualization of data, which can improve the efficiency of your operations
  • Splunk is a valuable tool for data professionals: If you work in data analytics or data science, learning Splunk can help you extract insights and value from large datasets

Splunk has a strong ecosystem: Splunk has a large and active community of users, as well as a rich ecosystem of partners and integrations, which makes it easy to find resources and support when using the tool.

Splunk is a powerful tool that is widely used in a variety of industries, and there is a high demand for professionals with Splunk skills.

Splunk is particularly useful for log management, security analytics, and operational intelligence, and it can be used to troubleshoot issues, detect security threats, and gain insights into the performance and usage of systems and applications.

If you work in IT, data analytics, or a related field, learning Splunk can be a valuable addition to your skill set and may open up new job opportunities. Splunk is also a useful tool for data professionals, such as data analysts and data scientists, as it allows you to extract insights and value from large datasets.

Splunk offers a range of certification designed for different areas of expertise and obtaining a Splunk certification is a valuable way to demonstrate your knowledge and expertise with the Splunk platform to potential employers and clients.

Benefits of obtaining a Splunk certification include:

Increased credibility: A Splunk certification can serve as a third-party endorsement of your knowledge and skills, which can help to increase your credibility and differentiate you from other professionals in the field.

Career advancement: Employers often look for candidates with proven expertise and experience, and a Splunk certification can demonstrate to potential employers that you have the skills and knowledge necessary to excel in your role.

Improved job prospects: Having a Splunk certification can make you a more competitive candidate for job openings that require Splunk skills, and it may also help you to negotiate higher salaries and benefits.

Professional development: Obtaining a Splunk certification can help you to stay up-to-date with the latest features and best practices in the field, and it can also provide a sense of accomplishment and personal development.

To put it plainly: Splunk Certification pays. Candidates who are Splunk Certified earn an average of 16% more than their uncertified peers. Organizations who invest in Splunk Certification earn faster time to value and are more likely to renew and expand their license.

Speak to a Training Consultant

All courses are HRD Claimable.
Get in touch with our team via the form or WhatsApp us on +6011-5119 6631

Preferred mode of training
Checkboxes