Administering Splunk Enterprise Security 7.0

Administering Splunk Enterprise Security 7.0

Administering Splunk Enterprise Security 7.0

Upcoming Classes

Online

Instructor-led online training

Location May 2022 Jun 2022 Jul 2022 Aug 2022 Sep 2022 Oct 2022 Nov 2022
AMER Pacific Time - Virtual May 18 – May 20
 Jun 29 – Jul 1
 Jul 13 – Jul 15
Jul 27 – Jul 29
AMER Eastern Time - Virtual May 18 – May 20
 Jun 15 – Jun 17
Jun 22 – Jun 24
Jun 29 – Jul 1
 Jul 13 – Jul 15
Jul 20 – Jul 22
Jul 27 – Jul 29
EMEA UK Time - Virtual Jun 20 – Jun 22
 Jul 4 – Jul 6
Jul 18 – Jul 20
APAC Singapore - Virtual Jun 27 – Jun 29
 Jul 25 – Jul 27
APAC Sydney - Virtual Jun 27 – Jun 29

Summary

This 13.5 hour course prepares architects and systems administrators to install and configure Splunk Enterprise Security (ES). It covers ES event processing and normalization, deployment requirements, technology add-ons, dashboard dependencies, data models, managing risk, and customizing threat intelligence.

Description

Course Topics

  • Examine how ES functions including data models, correlation searches, notable events and dashboards
  • Create custom correlation searches
  • Customize the Investigation Workbench
  • Learn how to install or upgrade ES
  • Learn the steps to setting up inputs using technology add-ons
  • Fine tune ES Global Settings
  • Customize risk and configure threat intelligence

Duration

3 Days

Objectives

Module 1 – Introduction to ES

  • Review how ES functions
  • Understand how ES uses data models
  • Configure ES roles and permissions

Module 2 – Security Monitoring

  • Customize the Security Posture and Incident Review dashboards
  • Create ad hoc notable events
  • Create notable event suppressions

Module 3 – Risk-Based Alerting

  • Explain Risk-Based Alerting
  • Explain risk scores
  • Review the Risk Analysis dashboard
  • Use annotations

Module 4 – Incident Investigation

  • Review the Investigations dashboard
  • Customize the Investigation Workbench
  • Manage investigations

Module 5 – Installation

  • Prepare a Splunk environment for installation
  • Download and install ES on a search head
  • Test a new install
  • Post-install configuration tasks

Module 6 – Initial Configuration

  • Set general configuration options
  • Add external integrations
  • Configure local domain information
  • Customize navigation
  • Configure Key Indicator searches

Module 7 – Validating ES Data

  • Verify data is correctly configured for use in ES
  • Validate normalization configurations
  • Install additional add-ons

Module 8 – Custom Add-ons

  • Design a new add-on for custom data
  • Use the Add-on Builder to build a new add-on

Module 9 – Tuning Correlation Searches

  • Configure correlation search scheduling and sensitivity
  • Tune ES correlation searches

Module 10 – Creating Correlation Searches

  • Create a custom correlation search
  • Manage adaptive responses
  • Export/Import content

Module 11 – Asset & Identity Management

  • Review the Asset and Identity Management interface
  • Describe Asset and Identity KV Store collections
  • Configure and add asset and identity lookups to the interface
  • Configure settings and fields for asset and identity lookups
  • Explain the asset and identity merge process
  • Describe the process for retrieving LDAP data for an asset or identity lookup

Module 12 – Manage Threat Intelligence

  • Understand and configure threat intelligence
  • Use the Threat Intelligence Management interface to configure a new threat list

Prerequisites

To be successful, students should have a solid understanding of the following:
  • Splunk Enterprise System Administration
  • Splunk Enterprise Data Administration
OR the following single-subject courses:
  • What Is Splunk?
  • Intro to Splunk
  • Using Fields
  • Scheduling Reports and Alerts
  • Visualizations
  • Leveraging Lookups and Subsearches
  • Search Under the Hood
  • Introduction to Knowledge Objects
  • Creating Knowledge Objects
  • Creating Field Extractions
  • Enriching Data with Lookups
  • Data Models
  • Introduction to Dashboards
  • Dynamic Dashboards
Students should also have completed the following courses:
  • Splunk System Administration
  • Splunk Data Administration

Onsite Training

For groups of three or more

Request Quote

Public Training

AMER Pacific Time - Virtual

AMER Eastern Time - Virtual

EMEA UK Time - Virtual

APAC Singapore - Virtual

APAC Sydney - Virtual


Don't see a date that works for you?

Request Class

Sitemap
Privacy
Website Terms of Use
Splunk Licensing Terms
Export Control
Modern Slavery Statement
Splunk Patents

© 2005- Splunk Inc. All rights reserved.

Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.