Overview
This 13.5-hour course prepares security practitioners to use Splunk Enterprise Security (ES). Students identify and track incidents, analyze security risks, use predictive analytics, and discover threats.
Skills Covered
- ES concepts, features, and capabilities
- Security monitoring and incident investigation
- Using risk-based alerting and risk analysis
- Assets and identities overview
- Creating investigations and using the Investigation Workbench
- Detecting known types of threats
- Monitoring for new types of threats
- Using analytical tools and dashboards
- Analyzing user behavior for insider threats
- Using threat intelligence tools
Who Should Attend
Everyone can attend.
Course Curriculum
Prerequisites
To be successful, students should have a solid understanding of the following courses:
- Splunk Fundamentals 1
- Splunk Fundamentals 2
Or the following single-subject courses:
- What is Splunk?
- Intro to Splunk
- Using Fields
- Scheduling Reports and Alerts
- Visualizations
- Leveraging Lookups and Sub-searches
- Search Under the Hood
- Introduction to Knowledge Objects
- Enriching Data with Lookups
- Data Models
- Introduction to Dashboards