SPLK-ENTSEC6.6 - Using Splunk Enterprise Security 7.0

This 13.5-hour course prepares security practitioners to use Splunk Enterprise Security (ES). Students identify and track incidents, analyze security risks, use predictive analytics, and discover threats.

Duration: 3.0 days

Enquire Now

Start learning today!

Click Hereto customize your Training

Objectives

  • ES concepts, features, and capabilities
  • Security monitoring and Incident investigation
  • Using risk-based alerting and risk analysis
  • Assets and identities overview
  • Creating investigations and using the Investigation Workbench
  • Detecting known types of threats
  • Monitoring for new types of threats
  • Using analytical tools and dashboards
  • Analyze user behavior for insider threats
  • Use threat intelligence tools

Content

Module 1 - Introduction to Enterprise Security

  • Describe the features and capabilities of Splunk Enterprise Security (ES)
  • Explain how ES helps security practitioners prevent, detect, and respond to threats
  • Describe correlation searches, data models and notable events
  • Describe user roles in ES
  • Log into Splunk Web and access Splunk for Enterprise Security

Module 2 - Security Monitoring and Incident Investigation

  • Use the Security Posture dashboard to monitor ES status
  • Use the Incident Review dashboard to investigate notable events
  • Take ownership of an incident and move it through the investigation workflow
  • Create notable events
  • Suppress notable events

Module 3 – Risk-Based Alerting

  • Give an overview of Risk-Based Alerting
  • View Risk Notables and risk information on the Incident Review dashboard
  • Explain risk scores and how to change an object's risk score
  • Review the Risk Analysis dashboard
  • Describe annotations
  • Describe the process for retrieving LDAP data for an asset or identity lookup

Module 4 – Assets & Identities

  • Give an overview of the ES Assets and Identities framework
  • Show examples where asset or identity data is missing from ES dashboards or notable events
  • View the Asset & Identity Management Interface
  • View the contents of an asset or identity lookup table

Module 5 – Investigations

  • Use investigations to manage incident response activity
  • Use the investigation workbench to manage, visualize and coordinate incident investigations
  • Add various items to investigations (notes, action history, collaborators, events, assets, identities, files and URLs)
  • Use investigation timelines, lists and summaries to document and review breach analysis and mitigation efforts

Module 6 – Security Domain Dashboards

  • Describe the ES security domains
  • Use the Security Domain dashboards to troubleshoot various security threats
  • Learn how to launch the Security Domain dashboards from Incidents Review and from a notable event Action menu

Module 7 – User Intelligence

  • Understand and use user activity analysis
  • Use investigators to analyze events related to an asset or identity
  • Use access anomalies to detect suspicious access patterns

Module 8 – Web Intelligence

  • Use the web intelligence dashboards to analyze your network environment
  • Filter and highlight events

Module 9 – Threat Intelligence

  • Give an overview of the Threat Intelligence framework and how threat intel is configured in ES
  • Use the Threat Activity dashboard to see which threat sources are interacting with your environment
  • Use the Threat Artifacts dashboard to examine the status of threat intelligence information in your environment

Module 10 – Protocol Intelligence

  • Explain how network data is input into Splunk events
  • Describe stream events
  • Give an overview of the Protocol Intelligence dashboards and how they can be used to analyze network data

Audience

Prerequisites

To be successful, students should have a solid understanding of the following courses:

  • Splunk Fundamentals 1
  • Splunk Fundamentals 2

Or the following single-subject courses:

  • What is Splunk?
  • Intro to Splunk
  • Using Fields
  • Scheduling Reports and Alerts
  • Visualizations
  • Leveraging Lookups and Sub-searches
  • Search Under the Hood
  • Introduction to Knowledge Objects
  • Enriching Data with Lookups
  • Data Models
  • Introduction to Dashboards

Certification

product-certification

Course Benefits

product-benefits
  • Career growth
  • Broad Career opportunities
  • Worldwide recognition from leaders
  • Up-to Date technical skills
  • Popular Certification Badges

Splunk Popular Courses

splk-dyd

This course focuses on creating inputs, chain searches, event annotations, and improving dashboard performance.

splk-introdyd

This course focuses on dashboard creation, including prototyping, the dashboard definition, layouts types, adding visualizations, and dynamic coloring.

splk-lls

This course will focus on lookup commands and explore how to use subsearches to correlate and filter data from multiple sources

splk-wtime

This course will focus on searching and formatting time in addition to using time commands and working with time zones.
Enquire Now
 
 
 
 
By clicking "Submit", I agree to the Terms Of Use and Privacy Policy