Trending Courses

Vendors

Skip Navigation Links

Overview

This course is part of the Blue Team Academy, a Splunk Education initiative that combines industry and Splunk product learning in a single place to fill in the skills gap present across the industry today.

In this course you will learn and practice how to conduct investigations using Splunk Enterprise Security features, including Risk Based Alerting, through best practices shared by our security champions, and practice some common tasks using Splunk SOAR.

You will also learn about the PEAK Threat Hunting framework and will apply its basic concepts in a hypothesis-driven threat-hunting exercise.
img-course-overview.jpg

What You'll Learn

  • Describe SIEM best practices and basic operation concepts of Splunk Enterprise Security, including the interaction between CIM, Data Models, and acceleration, and common CIM fields that may be used in investigations
  • Carry out a typical triage and investigation process using Splunk Enterprise Security
  • Describe the purpose of the Asset and Identity, and Threat Intelligence frameworks in ES
  • Define Splunk ES elements like Notable Event, Risk Notable, Adaptive Response Action, Risk Object, Contributing Events.
  • Identify common built-in dashboards in Enterprise Security and the basic information they contain.
  • Explain the use of SOAR playbooks and list the basic ways they can be triggered from Enterprise Security
  • Explain the essentials of Risk-based Alerting and the Risk framework
  • List the common high-level steps of threat hunting using the PEAK framework and practice some common steps of hypothesis hunting with Splunk.

Who Should Attend

  • SOS Analysts
  • Defense engineer
  • Splunk admins who support these roles
img-who-should-learn.png

Prerequisites

To be successful students should have a basic

understanding of common cyber technologies and concepts including:

  • OSI Model
  • Networking concepts and common security tools
  • Common Operative Systems like Windows and Linux

The following Splunk courses are also highly recommended:

  • Intro to Splunk
  • Using fields
  • Previous courses in the Defense Analyst learning path

Learning Journey

Coming Soon...

Module 1 – Introduction

  • The CyberSecurity Defense Analyst
  • CIM, Data Models and Correlation Refresh
  • Lab 1: Introducing the environment

Module 2 – Splunk Enterprise Security (ES) for Analysts

  • Asset & Identity Framework
  • Threat Intelligence Framework
  • Notable Event Framework
  • Adaptive Response Framework
  • Investigation Management in Splunk ES
  • Lab 2: Pick up an investigation

Module 3 – Risk Analysis Framework

  • Lab 3: Continue your investigation with RBA

Module 4 – Working with Splunk SOAR

  • Lab 4: Splunk SOAR Practice

Module 5 – Threat Hunting Introduction

  • Lab 5: Hunting with Windows Event Codes

Module 6 – Threat Hunting with PEAK: Hypothesis-based Hunt

  • Lab 6: Hypothesis-based Threat Hunting Practice

Module 7 – Threat Hunting with PEAK: Baseline Hunt

  • Lab 7: Baseline Threat Hunting Practice

img-exam-cert

Frequently Asked Questions (FAQs)

  • Why get Splunk certified?

    Splunk certifications validate your expertise in data analytics and your proficiency in using the Splunk platform.

    These certifications demonstrate your ability to leverage Splunk's powerful tools for data collection, analysis, and visualization, making you a valuable asset to organizations seeking to gain actionable insights from their data.

    Splunk-certified professionals are in high demand across various industries, including IT, security, and business analytics.

  • What to expect for the examination?

    Splunk offers a variety of certification exams at different levels, covering various domains and products within the Splunk platform.

    Exams typically consist of multiple-choice and scenario-based questions that assess your knowledge and skills in using Splunk to solve real-world problems.

    Note: Certification requirements and policies may be updated by Splunk from time to time. We apologize for any discrepancies; do get in touch with us if you have any questions.

  • How long is Splunk certification valid for?

    All Splunk certifications are valid for three years from the date of passing the highest-level certification exam.

    To maintain your certification, you will need to recertify before it expires. You have three options for recertification:

    - Pursue a higher-level certification (including any required prerequisite courses), in which case your lower-level certifications would also be renewed on the date of passing the next-level certification exam.

    - Retake a certification exam within the final year of their recertification window to renew their certifications at that level (and any applicable downstream certifications).

    - Complete continuing education courses at any point in the three year recertification window beginning the date of badge issuance.

    Note: Certification requirements and policies may be updated by Splunk from time to time. We apologize for any discrepancies; do get in touch with us if you have any questions.

  • Why take this course with Trainocate?

    Here’s what sets us apart:

    - Global Reach, Localized Accessibility: Benefit from our geographically diverse training hubs in 24 countries (and counting!).

    - Top-Rated Instructors: Our team of subject matter experts (with high average CSAT and MTM scores) are passionate to help you accelerate your digital transformation.

    - Customized Training Solutions: Choose from on-site, virtual classrooms, or self-paced learning to fit your organization and individual needs.

    - Experiential Learning: Dive into interactive training with our curated lesson plans. Participate in hands-on labs, solve real-world challenges, and take on comprehensive assessments.

    - Learn From The Best: With 30+ authorized training partnerships and countless awards from Microsoft, AWS, Google – you're guaranteed learning from the industry's elite.

    - Your Bridge To Success: We provide up-to-date course materials, helpful exam guides, and dedicated support to validate your expertise and elevate your career.

Keep Exploring

Course Curriculum

Course Curriculum

Training Schedule

Training Schedule

Exam & Certification

Exam & Certification

FAQs

Frequently Asked Questions

img-improve-career.jpg

Improve yourself and your career by taking this course.

More Courses By Splunk

Browse All Courses
img-get-info.jpg

Ready to Take Your Business from Great to Awesome?

Level-up by partnering with Trainocate. Get in touch today.

Name*
Email*
Phone*
I'm inquiring for
Inquiry Details

By submitting this form, you consent to Trainocate processing your data to respond to your inquiry and provide you with relevant information about our training programs, including occasional emails with the latest news, exclusive events, and special offers.

You can unsubscribe from our marketing emails at any time. Our data handling practices are in accordance with our Privacy Policy.

Stay Connected. Be the first to Know.

Company

Vendors

Services

Customer Service

© Copyright Trainocate 2026. All rights reserved.