Improve your organization’s security posture with Splunk Enterprise Security.

In today’s security landscape, organizations need to be able to identify and track incidents, analyze risks, and predict threats. Splunk Enterprise Security (ES) is a powerful tool that can help security practitioners do just that. This 13.5-hour course prepares students to use Splunk Enterprise Security to its full potential.

Through a combination of lectures and hands-on lab exercises, students will learn how to search and navigate data in Splunk ES, create reports and dashboards, and use predictive analytics to detect threats. By the end of the course, students will have a solid understanding of how to use Splunk ES to improve their organization’s security posture.

Overview

This 13.5-hour course prepares security practitioners to use Splunk Enterprise Security (ES). Students identify and track incidents, analyze security risks, use predictive analytics, and discover threats.

Skills Covered

  • ES concepts, features, and capabilities
  • Security monitoring and Incident investigation
  • Using risk-based alerting and risk analysis
  • Assets and identities overview
  • Creating investigations and using the Investigation Workbench
  • Detecting known types of threats
  • Monitoring for new types of threats
  • Using analytical tools and dashboards
  • Analyze user behavior for insider threats
  • Use threat intelligence tools

Prerequisites

To be successful, students should have a solid understanding of the following courses:

  • Splunk Fundamentals 1
  • Splunk Fundamentals 2

Or the following single-subject courses:

  • What is Splunk?
  • Intro to Splunk
  • Using Fields
  • Scheduling Reports and Alerts
  • Visualizations
  • Leveraging Lookups and Sub-searches
  • Search Under the Hood
  • Introduction to Knowledge Objects
  • Enriching Data with Lookups
  • Data Models
  • Introduction to Dashboards

Target Audience

Everyone can attend.

Course Curriculum

Module 1: ES Fundamentals

  • Explain the function of a SIEM
  • Give an overview of Splunk Enterprise Security (ES)
  • Understand how ES uses data models
  • Describe detections and findings
  • Identify ES roles and permissions
  • Give an overview of ES navigation

Module 2: Exploring the Analyst Queue

  • Explore the Analyst Queue
  • Filtering
  • Triage Findings and Finding Groups
  • Create ad hoc Findings
  • Suppress Findings from the Analyst Queue

Module 3: Working with Investigations

  • Give an overview of an investigation
  • Demonstrate how to create an investigation
  • Use Response Plans
  • Add Splunk events to an investigation
  • Use Playbooks and Actions

Module 4: Risk-based Alerting

  • Give an overview of risk and Risk-Based Alerting (RBA)
  • Explain risk scores and how to change an entity’s risk score
  • Review the Risk Analysis dashboard
  • Describe annotations
  • View risk information in Analyst Queue findings

Module 5 – Assets & Identities

  • Give an overview of the ES Assets and Identities (A&I) framework
  • Show where asset or identity data is missing from ES findings or dashboards
  • View the A&I Management Interface
  • View the contents of an asset or identity lookup table
  • Identify A&I field matching criteria

Module 6 – Adaptive Responses

  • Describe Adaptive Responses
  • Identify the default ES Adaptive Responses
  • Discuss Adaptive Response invocation methods
  • Troubleshoot Adaptive Response issues

Module 7 – Security Domain Dashboards

  • Use ES to inspect events containing information relevant to active or past incident investigation
  • Identify ES Security Domains
  • Use the Security Domain dashboards
  • Launch Security Domain dashboards from the Analyst Queue and from field action menus in search results

Module 8 – Intelligence Dashboards

  • Use the Web Intelligence dashboards to analyze your network environment
  • Filter and highlight events
  • Understand and use User Intelligence dashboards
  • Use Investigators to analyze events related to an asset or identity
  • Use Access Anomalies to detect suspicious access patterns

Module 9 – Threat Intelligence

  • Give an overview of the Threat Intelligence framework
  • Identify where Threat Intelligence is configured
  • Observe Threat Findings
  • View downloaded Threat Indicators
  • Troubleshooting Threat Intelligence

Module 10 – Protocol Intelligence

  • Explain how network data is input into Splunk events
  • Describe stream events
  • Give an overview of the Protocol Intelligence dashboards and how they can be used to analyze network data

Dates & Locations

Let’s make it work for you

Can’t find a date that fits? Need to train your whole team? Looking for a discount?
Speak to one of our learning experts today.

x Clear all selections

July 20, 2026 - July 22, 2026

Location: Kuala Lumpur
Modal: VILT
Availability: TBC
RM 7050
Trainocate exam and cert

Exam & Certification

#N/A

Training & Certification Guide

Frequently Asked Questions

Splunk is a powerful tool for analyzing and visualizing data from a variety of sources, including log files, application data, and network traffic. It can be used to troubleshoot issues, detect security threats, and gain insights into the performance and usage of systems and applications.

There are several reasons why learning Splunk might be beneficial:

  • Demand for Splunk skills is high: Splunk is widely used in a variety of industries, and there is a high demand for professionals with Splunk skills
  • Splunk can be used to solve complex problems: Splunk’s advanced search and analysis capabilities allow you to quickly identify and resolve issues, which can save time and resources
  • Splunk can improve efficiency: Splunk allows you to automate the collection, analysis, and visualization of data, which can improve the efficiency of your operations
  • Splunk is a valuable tool for data professionals: If you work in data analytics or data science, learning Splunk can help you extract insights and value from large datasets

Splunk has a strong ecosystem: Splunk has a large and active community of users, as well as a rich ecosystem of partners and integrations, which makes it easy to find resources and support when using the tool.

Splunk is a powerful tool that is widely used in a variety of industries, and there is a high demand for professionals with Splunk skills.

Splunk is particularly useful for log management, security analytics, and operational intelligence, and it can be used to troubleshoot issues, detect security threats, and gain insights into the performance and usage of systems and applications.

If you work in IT, data analytics, or a related field, learning Splunk can be a valuable addition to your skill set and may open up new job opportunities. Splunk is also a useful tool for data professionals, such as data analysts and data scientists, as it allows you to extract insights and value from large datasets.

Splunk offers a range of certification designed for different areas of expertise and obtaining a Splunk certification is a valuable way to demonstrate your knowledge and expertise with the Splunk platform to potential employers and clients.

Benefits of obtaining a Splunk certification include:

Increased credibility: A Splunk certification can serve as a third-party endorsement of your knowledge and skills, which can help to increase your credibility and differentiate you from other professionals in the field.

Career advancement: Employers often look for candidates with proven expertise and experience, and a Splunk certification can demonstrate to potential employers that you have the skills and knowledge necessary to excel in your role.

Improved job prospects: Having a Splunk certification can make you a more competitive candidate for job openings that require Splunk skills, and it may also help you to negotiate higher salaries and benefits.

Professional development: Obtaining a Splunk certification can help you to stay up-to-date with the latest features and best practices in the field, and it can also provide a sense of accomplishment and personal development.

To put it plainly: Splunk Certification pays. Candidates who are Splunk Certified earn an average of 16% more than their uncertified peers. Organizations who invest in Splunk Certification earn faster time to value and are more likely to renew and expand their license.

Speak to a Training Consultant

All courses are HRD Claimable.
Get in touch with our team via the form or WhatsApp us on +6011-5119 6631

Preferred mode of training
Checkboxes