Module 1 – Introduction to ES
Module 2 – Security Monitoring
- Customize the Security Posture and Incident Review dashboards
- Create ad hoc notable events
- Create notable event suppressions
Module 3 – Risk-Based Alerting
- Give an overview of risk-based alerting
- View Risk Notables and risk information on the Incident Review dashboard
- Explain risk scores and how an ES admin can change an object's risk score
- Review the Risk Analysis dashboard
- Describe annotations
Module 4 – Incident Investigation
Module 5 – Installation
- Prepare a Splunk environment for installation
- Download and install ES on a search head
- Test a new install
- Post-install configuration tasks
Module 6 – Initial Configuration
- Set general configuration options
- Add external integrations
- Configure local domain information
- Customize navigation
- Configure Key Indicator searches
Module 7 – Validating ES Data
- Verify data is correctly configured for use in ES
- Validate normalization configurations
- Install additional add-ons
Module 8 – Custom Add-ons
Module 9 – Tuning Correlation Searches
Module 10 – Creating Correlation Searches
Module 11 – Asset & Identity Management
- Review the Asset and Identity Management interface
- Describe Asset and Identity KV Store collections
- Configure and add asset and identity lookups to the interface
- Configure settings and fields for asset and identity lookups
- Explain the asset and identity merge process
- Describe the process for retrieving LDAP data for an asset or identity lookup
Module 12 – Threat Intelligence Framework