Home > Vendors > splunk > splk-ases

Share

SPLK-ASES - Administering Splunk Enterprise Security 7.0

This 13.5-hour course prepares architects and systems administrators to install and configure Splunk Enterprise Security (ES). It covers ES event processing and normalization, deployment requirements, technology add-ons, dashboard dependencies, data models, managing risk, and customizing threat intelligence.

Duration: 3.0 days

Enquire Now

Start learning today!

Click Hereto customize your Training

Objectives

  • Provide an overview of Splunk Enterprise Security (ES)
  • Customize ES dashboards
  • Examine the ES Risk framework and Risk-based Alerting (RBA)
  • Customize the Investigation Workbench
  • Understand initial ES installation and configuration
  • Manage data intake and normalization for ES
  • Create and tune correlation searches
  • Configure ES lookups
  • Configure Assets & Identities and Threat Intelligence

Content

Module 1 – Introduction to ES

  • Review how ES functions
  • Understand how ES uses data models
  • Describe correlation searches, adaptive response actions, and notable events
  • Configure ES roles and permissions

Module 2 – Security Monitoring

  • Customize the Security Posture and Incident Review dashboards
  • Create ad hoc notable events
  • Create notable event suppressions

Module 3 – Risk-Based Alerting

  • Give an overview of Risk-Based Alerting (RBA)
  • Explain risk scores and how they can be changed
  • Review the Risk Analysis dashboard
  • Describe annotations
  • View Risk Notables and risk information

Module 4 – Incident Investigation

  • Review the Investigations dashboard
  • Customize the Investigation Workbench
  • Manage investigations

Module 5 – Installation

  • Give an overview of general ES install requirements
  • Explain the different add-ons and where they are installed
  • Provide ES pre-installation requirements
  • Identify steps for downloading and installing ES

Module 6 – General Configuration

  • Set general configuration options
  • Configure local and cloud domain information
  • Work with the Incident Review KV Store
  • Customize navigation
  • Configure Key Indicator searches

Module 7 – Validating ES Data

  • Verify data is correctly configured for use in ES
  • Validate normalization configurations
  • Install additional add-ons

Module 8 – Custom Add-ons

  • Ingest custom data in ES
  • Create an add-on for a custom sourcetype
  • Describe add-on troubleshooting

Module 9 – Tuning Correlation Searches

  • Describe correlation search operation
  • Customize correlation searches
  • Describe numeric vs. conceptual thresholds

Module 10 – Creating Correlation Searches

  • Create a custom correlation search
  • Manage adaptive responses
  • Export/import content

Module 11 – Asset & Identity Management

  • Review the Asset and Identity Management interface
  • Describe Asset and Identity KV Store collections
  • Configure and add asset and identity lookups to the interface
  • Configure settings and fields for asset and identity lookups
  • Explain the asset and identity merge process
  • Describe the process for retrieving LDAP data for an asset or identity lookup

Module 12 – Managing Threat Intelligence

  • Understand and configure threat intelligence
  • Use the Threat Intelligence Management interface
  • Configure new threat lists

Module 13 – Supplemental Apps

  • Review apps to enhance the capabilities of ES including, Mission Control, SOAR, UBA, Cloud-based Streaming Analytics, PCI Compliance, Fraud Analytics, and Lookup File Editor

Audience

  • Splunk Administrator
  • Developer
  • User
  • Knowledge Manager
  • Architect

Prerequisites

To be successful, students should have a solid understanding of the following courses:

  • Using Splunk Enterprise Security
  • What is Splunk?
  • Intro to Splunk
  • Using Fields
  • Introduction to Knowledge Objects
  • Creating Knowledge Objects
  • Creating Field Extractions
  • Enriching Data with Lookups
  • Data Models
  • Splunk Enterprise System Administration
  • Splunk Enterprise Data Administration

Certification

product-certification

Course Benefits

product-benefits
  • Career growth
  • Broad Career opportunities
  • Worldwide recognition from leaders
  • Up-to Date technical skills
  • Popular Certification Badges

Splunk Popular Courses

splk-sefs

This "Fast Start" course covers over 60 commands and functions and prepares students to be search experts.

splk-iiss

This course prepares security practitioners to use SOAR to respond to security incidents.

splk-dyd

This course focuses on creating inputs, chain searches, event annotations, and improving dashboard performance.

splk-introdyd

This course focuses on dashboard creation, including prototyping, the dashboard definition, layouts types, adding visualizations, and dynamic coloring.
Enquire Now
IH2GZu
By clicking "Submit", I agree to the Terms Of Use and Privacy Policy