Overview

This 13.5-hour course prepares security practitioners to use Splunk Enterprise Security (ES). Students identify and track incidents, analyze security risks, use predictive analytics, and discover threats.

Skills Covered

  • ES concepts, features, and capabilities
  • Security monitoring and incident investigation
  • Using risk-based alerting and risk analysis
  • Assets and identities overview
  • Creating investigations and using the Investigation Workbench
  • Detecting known types of threats
  • Monitoring for new types of threats
  • Using analytical tools and dashboards
  • Analyzing user behavior for insider threats
  • Using threat intelligence tools

Who Should Attend

Everyone can attend.

Course Curriculum

Prerequisites

To be successful, students should have a solid understanding of the material in the following courses:

  • Splunk Fundamentals 1
  • Splunk Fundamentals 2

Or the following single-subject courses:

  • What is Splunk?
  • Intro to Splunk
  • Using Fields
  • Scheduling Reports and Alerts
  • Visualizations
  • Leveraging Lookups and Sub-searches
  • Search Under the Hood
  • Introduction to Knowledge Objects
  • Enriching Data with Lookups
  • Data Models
  • Introduction to Dashboards
