Administering Splunk Enterprise Security 7.0

Administering Splunk Enterprise Security 7.0

Administering Splunk Enterprise Security 7.0

Upcoming Classes

Online

Instructor-led online training

Location Feb 2023 Mar 2023 Apr 2023 May 2023 Jun 2023 Jul 2023 Aug 2023
EMEA UK Time - Virtual Feb 8 – Feb 10
Feb 15 – Feb 17
Feb 22 – Feb 24
 Mar 6 – Mar 8
Mar 15 – Mar 17
Mar 22 – Mar 24
Mar 27 – Mar 29
 Apr 3 – Apr 5
Apr 12 – Apr 14
Apr 19 – Apr 21
Apr 24 – Apr 26
AMER Eastern Time - Virtual Feb 8 – Feb 10
Feb 15 – Feb 17
Feb 22 – Feb 24
 Mar 1 – Mar 3
Mar 8 – Mar 10
Mar 15 – Mar 17
Mar 20 – Mar 22
Mar 22 – Mar 24
Mar 29 – Mar 31
 Apr 5 – Apr 7
Apr 12 – Apr 14
Apr 19 – Apr 21
Apr 26 – Apr 28
APAC Sydney - Virtual Feb 15 – Feb 17
 Mar 29 – Mar 31
AMER Pacific Time - Virtual Feb 22 – Feb 24
 Mar 8 – Mar 10
Mar 22 – Mar 24
 Apr 5 – Apr 7
Apr 19 – Apr 21
APAC Singapore - Virtual Mar 1 – Mar 3
Mar 27 – Mar 29
 Apr 26 – Apr 28

Summary

This 13.5 hour course prepares architects and systems administrators to install and configure Splunk Enterprise Security (ES). It covers ES event processing and normalization, deployment requirements, technology add-ons, dashboard dependencies, data models, managing risk, and customizing threat intelligence.

Description

Course Topics

  • Examine how ES functions including data models, correlation searches, notable events and dashboards
  • Create custom correlation searches
  • Customize the Investigation Workbench
  • Learn how to install or upgrade ES
  • Learn the steps to setting up inputs using technology add-ons
  • Fine tune ES Global Settings
  • Customize risk and configure threat intelligence

Duration

3 Days

Objectives

Module 1 – Introduction to ES

  • Review how ES functions
  • Understand how ES uses data models
  • Configure ES roles and permissions

Module 2 – Security Monitoring

  • Customize the Security Posture and Incident Review dashboards
  • Create ad hoc notable events
  • Create notable event suppressions

Module 3 – Risk-Based Alerting

  • Explain Risk-Based Alerting
  • Explain risk scores
  • Review the Risk Analysis dashboard
  • Use annotations

Module 4 – Incident Investigation

  • Review the Investigations dashboard
  • Customize the Investigation Workbench
  • Manage investigations

Module 5 – Installation

  • Prepare a Splunk environment for installation
  • Download and install ES on a search head
  • Test a new install
  • Post-install configuration tasks

Module 6 – Initial Configuration

  • Set general configuration options
  • Add external integrations
  • Configure local domain information
  • Customize navigation
  • Configure Key Indicator searches

Module 7 – Validating ES Data

  • Verify data is correctly configured for use in ES
  • Validate normalization configurations
  • Install additional add-ons

Module 8 – Custom Add-ons

  • Design a new add-on for custom data
  • Use the Add-on Builder to build a new add-on

Module 9 – Tuning Correlation Searches

  • Configure correlation search scheduling and sensitivity
  • Tune ES correlation searches

Module 10 – Creating Correlation Searches

  • Create a custom correlation search
  • Manage adaptive responses
  • Export/Import content

Module 11 – Asset & Identity Management

  • Review the Asset and Identity Management interface
  • Describe Asset and Identity KV Store collections
  • Configure and add asset and identity lookups to the interface
  • Configure settings and fields for asset and identity lookups
  • Explain the asset and identity merge process
  • Describe the process for retrieving LDAP data for an asset or identity lookup

Module 12 – Manage Threat Intelligence

  • Understand and configure threat intelligence
  • Use the Threat Intelligence Management interface to configure a new threat list

Prerequisites

To be successful, students should have a solid understanding of the following:
  • Splunk Enterprise System Administration
  • Splunk Enterprise Data Administration
OR the following single-subject courses:
  • What Is Splunk?
  • Intro to Splunk
  • Using Fields
  • Scheduling Reports and Alerts
  • Visualizations
  • Leveraging Lookups and Subsearches
  • Search Under the Hood
  • Introduction to Knowledge Objects
  • Creating Knowledge Objects
  • Creating Field Extractions
  • Enriching Data with Lookups
  • Data Models
  • Introduction to Dashboards
  • Dynamic Dashboards
Students should also have completed the following courses:
  • Splunk System Administration
  • Splunk Data Administration

Onsite Training

For groups of three or more

Request Quote

Public Training

EMEA UK Time - Virtual

AMER Eastern Time - Virtual

APAC Sydney - Virtual

AMER Pacific Time - Virtual

APAC Singapore - Virtual


Don't see a date that works for you?

Request Class

Sitemap
Privacy
Website Terms of Use
Splunk Licensing Terms
Export Control
Modern Slavery Statement
Splunk Patents

© 2005- Splunk Inc. All rights reserved.

Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.