Administering Splunk Enterprise Security 7.0

Administering Splunk Enterprise Security 7.0

Administering Splunk Enterprise Security 7.0

Upcoming Classes

Online

Instructor-led online training

Location Oct 2022 Nov 2022 Dec 2022 Jan 2023 Feb 2023 Mar 2023 Apr 2023
AMER Eastern Time - Virtual Oct 5 – Oct 7
Oct 12 – Oct 14
Oct 19 – Oct 21
Oct 26 – Oct 28
 Nov 2 – Nov 4
Nov 9 – Nov 11
Nov 16 – Nov 18
Nov 30 – Dec 2
 Dec 7 – Dec 9
Dec 14 – Dec 16
Dec 19 – Dec 21
 Jan 4 – Jan 6
Jan 11 – Jan 13
Jan 18 – Jan 20
Jan 25 – Jan 27
 Feb 1 – Feb 3
AMER Pacific Time - Virtual Oct 19 – Oct 21
 Nov 9 – Nov 11
Nov 30 – Dec 2
 Dec 7 – Dec 9
Dec 14 – Dec 16
Dec 19 – Dec 21
 Jan 4 – Jan 6
Jan 11 – Jan 13
Jan 18 – Jan 20
EMEA UK Time - Virtual Oct 24 – Oct 26
 Nov 9 – Nov 11
Nov 23 – Nov 25
Nov 30 – Dec 2
 Dec 7 – Dec 9
Dec 14 – Dec 16
 Jan 4 – Jan 6
Jan 11 – Jan 13
Jan 25 – Jan 27
APAC Sydney - Virtual Oct 24 – Oct 26
APAC Singapore - Virtual Nov 9 – Nov 11
 Dec 7 – Dec 9
 Jan 11 – Jan 13
 Feb 1 – Feb 3

Summary

This 13.5 hour course prepares architects and systems administrators to install and configure Splunk Enterprise Security (ES). It covers ES event processing and normalization, deployment requirements, technology add-ons, dashboard dependencies, data models, managing risk, and customizing threat intelligence.

Description

Course Topics

  • Examine how ES functions including data models, correlation searches, notable events and dashboards
  • Create custom correlation searches
  • Customize the Investigation Workbench
  • Learn how to install or upgrade ES
  • Learn the steps to setting up inputs using technology add-ons
  • Fine tune ES Global Settings
  • Customize risk and configure threat intelligence

Duration

3 Days

Objectives

Module 1 – Introduction to ES

  • Review how ES functions
  • Understand how ES uses data models
  • Configure ES roles and permissions

Module 2 – Security Monitoring

  • Customize the Security Posture and Incident Review dashboards
  • Create ad hoc notable events
  • Create notable event suppressions

Module 3 – Risk-Based Alerting

  • Explain Risk-Based Alerting
  • Explain risk scores
  • Review the Risk Analysis dashboard
  • Use annotations

Module 4 – Incident Investigation

  • Review the Investigations dashboard
  • Customize the Investigation Workbench
  • Manage investigations

Module 5 – Installation

  • Prepare a Splunk environment for installation
  • Download and install ES on a search head
  • Test a new install
  • Post-install configuration tasks

Module 6 – Initial Configuration

  • Set general configuration options
  • Add external integrations
  • Configure local domain information
  • Customize navigation
  • Configure Key Indicator searches

Module 7 – Validating ES Data

  • Verify data is correctly configured for use in ES
  • Validate normalization configurations
  • Install additional add-ons

Module 8 – Custom Add-ons

  • Design a new add-on for custom data
  • Use the Add-on Builder to build a new add-on

Module 9 – Tuning Correlation Searches

  • Configure correlation search scheduling and sensitivity
  • Tune ES correlation searches

Module 10 – Creating Correlation Searches

  • Create a custom correlation search
  • Manage adaptive responses
  • Export/Import content

Module 11 – Asset & Identity Management

  • Review the Asset and Identity Management interface
  • Describe Asset and Identity KV Store collections
  • Configure and add asset and identity lookups to the interface
  • Configure settings and fields for asset and identity lookups
  • Explain the asset and identity merge process
  • Describe the process for retrieving LDAP data for an asset or identity lookup

Module 12 – Manage Threat Intelligence

  • Understand and configure threat intelligence
  • Use the Threat Intelligence Management interface to configure a new threat list

Prerequisites

To be successful, students should have a solid understanding of the following:
  • Splunk Enterprise System Administration
  • Splunk Enterprise Data Administration
OR the following single-subject courses:
  • What Is Splunk?
  • Intro to Splunk
  • Using Fields
  • Scheduling Reports and Alerts
  • Visualizations
  • Leveraging Lookups and Subsearches
  • Search Under the Hood
  • Introduction to Knowledge Objects
  • Creating Knowledge Objects
  • Creating Field Extractions
  • Enriching Data with Lookups
  • Data Models
  • Introduction to Dashboards
  • Dynamic Dashboards
Students should also have completed the following courses:
  • Splunk System Administration
  • Splunk Data Administration

Onsite Training

For groups of three or more

Request Quote

Public Training

AMER Eastern Time - Virtual

AMER Pacific Time - Virtual

EMEA UK Time - Virtual

APAC Sydney - Virtual

APAC Singapore - Virtual


Don't see a date that works for you?

Request Class

Sitemap
Privacy
Website Terms of Use
Splunk Licensing Terms
Export Control
Modern Slavery Statement
Splunk Patents

© 2005- Splunk Inc. All rights reserved.

Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.