This 13.5-hour course is intended for experienced Phantom consultants who will be responsible for complex Phantom solution development. It prepares the attendee to integrate Phantom with Splunk and to develop playbooks requiring custom coding and REST API usage.
Potential attendees have received a passing grade in all prerequisite courses, and should ensure they can devote all of their attention to the class, as the course work is very challenging. Students will develop a custom solution with Phantom, Splunk and custom Python code. The labs provide requirements for the solution; the student must plan and execute the development. This will require thoughtful focus, experimentation and problem-solving skills.

What You'll Learn

Please refer to course overview.

Prerequisites

Attendees for this class must ensure that they meet all course pre-requisites. This is a challenging, advanced class that draws on technical knowledge from many areas in Splunk and Phantom, and the demanding labs and course schedule leave little time to learn the basics.

Classes:

  • Experience with Python programming
  • Administering Splunk Phantom
  • Developing Splunk Phantom Playbooks
  • Enterprise Splunk Data Administration
  • Enterprise Splunk System Administration
  • Either Using or Administering Splunk Enterprise Security

Module 1 – Implementing Splunk and Phantom

  • Review of Phantom UI and concepts
  • Describe interactions between Splunk and Phantom
  • Identify key concepts and data flows
  • Pre-requisites for integration

Module 2 – Configuring External Splunk Search

  • Describe the benefits of externalizing search to Splunk
  • Configure the Phantom instance for externalization
  • Configure the Splunk instance for externalization
  • Use the Splunk app for Phantom Reporting

Module 3 – Sending Splunk Events to Phantom

  • Configure the Phantom Add-on for Splunk
  • Map CIM fields to CEF
  • Send Enterprise Security notables to Phantom
  • Automatically trigger Phantom playbooks for Splunk notables

Module 4 – Accessing Splunk from Phantom

  • Install and configure the Phantom App for Splunk
  • Ingest Splunk events into Phantom
  • Use Splunk search from playbooks
  • Update Splunk notable events

Module 5 – Custom Coding in Playbooks

  • Phantom coding best practices
  • Writing, using and managing custom functions
  • Using the Phantom API in custom code
  • Store and retrieve persistent data

Module 6 – Using Phantom REST

  • Use Django queries to search for data in Phantom
  • Use REST from other systems to access Phantom data
  • Use the HTTP app to execute REST from playbooks

Frequently Asked Questions (FAQs)

  • Why get Splunk certified?

    Splunk certifications validate your expertise in data analytics and your proficiency in using the Splunk platform.

    These certifications demonstrate your ability to leverage Splunk's powerful tools for data collection, analysis, and visualization, making you a valuable asset to organizations seeking to gain actionable insights from their data.

    Splunk-certified professionals are in high demand across various industries, including IT, security, and business analytics.

  • What to expect for the examination?

    Splunk offers a variety of certification exams at different levels, covering various domains and products within the Splunk platform.

    Exams typically consist of multiple-choice and scenario-based questions that assess your knowledge and skills in using Splunk to solve real-world problems.

    Note: Certification requirements and policies may be updated by Splunk from time to time. We apologize for any discrepancies; do get in touch with us if you have any questions.

  • How long is Splunk certification valid for?

    All Splunk certifications are valid for three years from the date of passing the highest-level certification exam.

    To maintain your certification, you will need to recertify before it expires. You have three options for recertification:

    - Pursue a higher-level certification (including any required prerequisite courses), in which case your lower-level certifications would also be renewed on the date of passing the next-level certification exam.

    - Retake a certification exam within the final year of your recertification window to renew your certifications at that level (and any applicable downstream certifications).

    - Complete continuing education courses at any point in the three-year recertification window beginning on the date of badge issuance.

    Note: Certification requirements and policies may be updated by Splunk from time to time. We apologize for any discrepancies; do get in touch with us if you have any questions.

  • Why take this course with Trainocate?

    Here’s what sets us apart:

    - Global Reach, Localized Accessibility: Benefit from our geographically diverse training hubs in 16 countries (and counting!).

    - Top-Rated Instructors: Our team of subject matter experts (with high average CSAT and MTM scores) is passionate about helping you accelerate your digital transformation.

    - Customized Training Solutions: Choose from on-site, virtual classrooms, or self-paced learning to fit your organization and individual needs.

    - Experiential Learning: Dive into interactive training with our curated lesson plans. Participate in hands-on labs, solve real-world challenges, and take on comprehensive assessments.

    - Learn From The Best: With 30+ authorized training partnerships and countless awards from Microsoft, AWS, Google – you're guaranteed learning from the industry's elite.

    - Your Bridge To Success: We provide up-to-date course materials, helpful exam guides, and dedicated support to validate your expertise and elevate your career.
