Using Splunk Enterprise Security 6.6

Using Splunk Enterprise Security 6.6

Using Splunk Enterprise Security 6.6

Upcoming Classes

Online

Instructor-led online training

Location Nov 2021 Dec 2021 Jan 2022 Feb 2022 Mar 2022 Apr 2022 May 2022
AMER Eastern Time - Virtual Dec 1 – Dec 3
 Jan 5 – Jan 7
Jan 19 – Jan 21
Jan 26 – Jan 28
 Feb 7 – Feb 9
Feb 14 – Feb 16
Feb 21 – Feb 23
Feb 28 – Mar 2
 Mar 7 – Mar 9
Mar 23 – Mar 25
Mar 28 – Mar 30
 Apr 11 – Apr 13
Apr 20 – Apr 22
Apr 27 – Apr 29
EMEA UK Time - Virtual Dec 8 – Dec 10
Dec 15 – Dec 17
 Jan 12 – Jan 14
Jan 26 – Jan 28
 Feb 2 – Feb 4
Feb 9 – Feb 11
Feb 14 – Feb 16
Feb 23 – Feb 25
 Mar 7 – Mar 9
Mar 14 – Mar 16
Mar 21 – Mar 23
Mar 28 – Mar 30
 Apr 4 – Apr 6
Apr 20 – Apr 22
Apr 25 – Apr 27
AMER Pacific Time - Virtual Dec 15 – Dec 17
 Jan 12 – Jan 14
Jan 31 – Feb 2
 Feb 21 – Feb 23
 Mar 14 – Mar 16
 Apr 4 – Apr 6
Apr 25 – Apr 27
APAC Singapore - Virtual Jan 17 – Jan 19
 Feb 28 – Mar 2
 Apr 13 – Apr 15

Australia

Location Nov 2021 Dec 2021 Jan 2022 Feb 2022 Mar 2022 Apr 2022 May 2022
Ingeniq - Online Dec 1 – Dec 3

Summary

This 13.5-hour course prepares security practitioners to use Splunk Enterprise Security (ES). Students identify and track incidents, analyze security risks, use predictive analytics, and discover threats.

Description

  • ES concepts,features, and capabilities
  • Assets and identities
  • Security monitoring and Incident investigation
  • Use risk-based alerting and risk analysis
  • Use investigation workbench, timelines, list and summary tools
  • Detecting known types of threats
  • Monitoring for new types of threats
  • Using analytical tools
  • Analyze user behavior for insider threats
  • Use threat intelligence tools
  • Use protocol intelligence and live stream data

Duration

3 Days

Objectives

Module 1 - Getting Started with ES

  • Describe the features and capabilities of Splunk Enterprise Security (ES)
  • Explain how ES helps security practitioners prevent, detect, and respond to threats
  • Describe correlation searches, data models and notable events
  • Describe user roles in ES
  • Log into Splunk Web and access Splunk for Enterprise Security

Module 2 - Security Monitoring and Incident Investigation

  • Use the Security Posture dashboard to monitor ES status
  • Use the Incident Review dashboard to investigate notable events
  • Take ownership of an incident and move it through the investigation workflow
  • Create notable events
  • Suppress notable events

Module 3 – Risk-Based Alerting

  • Give an overview of Risk-Based Alerting
  • View Risk Notables and risk information on the Incident Review dashboard
  • Explain risk scores and how to change an object's risk score
  • Review the Risk Analysis dashboard
  • Describe annotations
  • Describe the process for retrieving LDAP data for an asset or identity lookup

Module 4 – Investigations

  • Use investigations to manage incident response activity
  • Use the investigation workbench to manage, visualize and coordinate incident investigations
  • Add various items to investigations (notes, action history, collaborators, events, assets, identities, files and URLs)
  • Use investigation timelines, lists and summaries to document and review breach analysis and mitigation efforts

Module 5 – Using Security Domain Dashboards

  • Use ES to inspect events containing information relevant to active or past incident investigations
  • Identify security domains in ES
  • Use ES security domain dashboards
  • Launch security domain dashboards from Incident Review and from action menus in search results

Module 6 – Web Intelligence

  • Use the web intelligence dashboards to analyze your network
  • Filter and highlight events

Module 7 – User Intelligence

  • Evaluate the level of insider threat with the user activity and access anomaly dashboards
  • Understand asset and identity concepts
  • Use the session center for identity resolution
  • Discuss Splunk User Behavior Analytics (UBA) integration

Module 8 – Threat Intelligence

  • Give an overview of the Threat Intelligence framework and how threat intel is configured in ES
  • Use the Threat Activity dashboard to see which threat sources are interacting with your environment
  • Use the Threat Activity dashboard to examine the status of threat intelligence information in your environment.

Module 9 – Protocol Intelligence

  • Explain how network data is input into Splunk events
  • Describe stream events
  • Give an overview of the Protocol Intelligence dashboards and how they can be used to analyze network data

Prerequisites

  • Splunk Fundamentals 1
  • Splunk Fundamentals 2
    • Or the following single-subject courses:
  • What is Splunk?
  • Intro to Splunk
  • Using Fields
  • Scheduling Reports and Alerts
  • Visualizations
  • Leveraging Lookups and Sub-searches
  • Search Under the Hood
  • Introduction to Knowledge Objects
  • Enriching Data with Lookups
  • Data Models
  • Introduction to Dashboards

Onsite Training

For groups of three or more

Request Quote

Public Training

AMER Eastern Time - Virtual

Chatswood, NSW

EMEA UK Time - Virtual

AMER Pacific Time - Virtual

APAC Singapore - Virtual


Don't see a date that works for you?

Request Class

© 2005- Splunk Inc. All rights reserved.
Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © Splunk Inc. All rights reserved.