
This course is part of the Blue Team Academy, a Splunk Education initiative that combines industry and Splunk product learning in a single place to close the skills gap present across the industry today.

In this course you will learn how to conduct investigations with Splunk Enterprise Security features, including Risk-Based Alerting, following best practices shared by our security champions, and practice common tasks in Splunk SOAR.

You will also learn about the PEAK threat hunting framework and apply its basic concepts in a hypothesis-driven threat hunting exercise.


What You'll Learn

At the end of this course you should be able to:

  • Describe SIEM best practices and the basic operating concepts of Splunk Enterprise Security, including the interaction between CIM, data models and acceleration, and the common CIM fields used in investigations
  • Carry out a typical triage and investigation process using Splunk Enterprise Security
  • Describe the purpose of the Asset and Identity framework and the Threat Intelligence framework in ES
  • Define Splunk ES elements such as Notable Event, Risk Notable, Adaptive Response Action, Risk Object and Contributing Events
  • Identify common built-in dashboards in Enterprise Security and the basic information they contain
  • Explain the use of SOAR playbooks and list the basic ways they can be triggered from Enterprise Security
  • Explain the essentials of Risk-Based Alerting and the Risk framework
  • List the common high-level steps of threat hunting using the PEAK framework and practice some common steps of hypothesis hunting with Splunk
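The Risk-Based Alerting objective above names the mechanism the labs exercise: risk rules write scored events against a risk object (a user or a system), and a risk incident rule turns the aggregate into a Risk Notable whose contributing events are the individual risk events. The Python below is an added illustration of that aggregation for readers preparing for the course; it is not Splunk code or SPL. The field names mirror the Risk data model, but the events, the 24-hour window, the thresholds (100 points, or three distinct contributing rules) and the simplified `mitre_technique` field are constructed for this example.

```python
"""Toy model of Risk-Based Alerting aggregation (added example, not Splunk's code)."""
from datetime import datetime, timedelta

# Constructed sample events shaped like entries in an ES risk index. Field names
# follow the Risk data model; the values and the `mitre_technique` field are
# assumptions made for this example.
RISK_EVENTS = [
    {"_time": "2024-05-01T08:05:00", "risk_object": "jsmith", "risk_object_type": "user",
     "source": "Brute Force Access Behavior Detected", "risk_score": 20, "mitre_technique": "T1110"},
    {"_time": "2024-05-01T08:30:00", "risk_object": "jsmith", "risk_object_type": "user",
     "source": "Access to Critical Asset", "risk_score": 30, "mitre_technique": "T1078"},
    {"_time": "2024-05-01T09:10:00", "risk_object": "jsmith", "risk_object_type": "user",
     "source": "Suspicious PowerShell Execution", "risk_score": 40, "mitre_technique": "T1059"},
    {"_time": "2024-05-01T10:00:00", "risk_object": "jsmith", "risk_object_type": "user",
     "source": "Large Outbound Transfer", "risk_score": 25, "mitre_technique": "T1048"},
    # Stale finding: outside the 24-hour window, so it must not count.
    {"_time": "2024-04-20T10:00:00", "risk_object": "jsmith", "risk_object_type": "user",
     "source": "Old Finding Outside Window", "risk_score": 500, "mitre_technique": "T1003"},
    {"_time": "2024-05-01T09:45:00", "risk_object": "WS-042", "risk_object_type": "system",
     "source": "Unusual Service Install", "risk_score": 60, "mitre_technique": "T1543"},
    # Three low-scoring but independent detections against one user.
    {"_time": "2024-05-01T07:00:00", "risk_object": "bchen", "risk_object_type": "user",
     "source": "Login From New Country", "risk_score": 10, "mitre_technique": "T1078"},
    {"_time": "2024-05-01T07:20:00", "risk_object": "bchen", "risk_object_type": "user",
     "source": "MFA Fatigue Pattern", "risk_score": 10, "mitre_technique": "T1621"},
    {"_time": "2024-05-01T07:40:00", "risk_object": "bchen", "risk_object_type": "user",
     "source": "Mailbox Rule Created", "risk_score": 10, "mitre_technique": "T1114"},
]

# Fixed "now" so the example is reproducible offline.
NOW = datetime.fromisoformat("2024-05-01T12:00:00")


def aggregate_risk(events, now=NOW, window=timedelta(hours=24)):
    """Sum risk per risk_object over the look-back window and track the distinct
    contributing rules (source) and ATT&CK techniques, the way a
    `stats sum(risk_score) dc(source) ... by risk_object` search would."""
    cutoff = now - window
    agg = {}
    for ev in events:
        ts = datetime.fromisoformat(ev["_time"])
        if ts < cutoff or ts > now:
            continue  # stale or future-dated contributions are ignored
        entry = agg.setdefault(ev["risk_object"], {
            "type": ev["risk_object_type"], "score": 0,
            "sources": set(), "techniques": set(), "events": [],
        })
        entry["score"] += ev["risk_score"]
        entry["sources"].add(ev["source"])
        entry["techniques"].add(ev["mitre_technique"])
        entry["events"].append(ev)  # these become the notable's contributing events
    return agg


def risk_notables(events, now=NOW, score_threshold=100, min_sources=3):
    """Risk incident rule: raise a Risk Notable when a risk object's aggregate
    score reaches the threshold OR enough distinct detections contributed.
    The second condition is what lets several low-scoring detections that
    would never alert on their own surface together."""
    notables = []
    for obj, entry in aggregate_risk(events, now).items():
        over_score = entry["score"] >= score_threshold
        many_sources = len(entry["sources"]) >= min_sources
        if over_score or many_sources:
            notables.append({
                "risk_object": obj,
                "risk_object_type": entry["type"],
                "risk_score": entry["score"],
                "reason": "score" if over_score else "source_count",
                "sources": sorted(entry["sources"]),
                "techniques": sorted(entry["techniques"]),
                "contributing_events": len(entry["events"]),
            })
    # Highest aggregate risk first, which is the usual triage order.
    return sorted(notables, key=lambda n: n["risk_score"], reverse=True)


if __name__ == "__main__":
    for notable in risk_notables(RISK_EVENTS):
        print(notable)
```

Running it yields two Risk Notables: `jsmith` (115 points from four rules; the 500-point stale event is excluded by the window) and `bchen` (only 30 points, but three distinct detections). `WS-042` scored 60 from a single rule and stays below both thresholds, which is the point of RBA: a single detection raises risk, and an analyst is paged only when risk accumulates. Enterprise Security ships risk incident rules that apply comparable score and technique-count thresholds, and the thresholds and window are tuning decisions for your own environment.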

The objectives in this course align with some of the objectives in the Splunk Certified Cybersecurity Defense Analyst exam. It is recommended to review the full exam blueprint when preparing for the exam. Additional e-learning resources are available in the Splunk learning platform.

Who Should Attend

  • Splunk Administrator
  • Developer
  • User
  • Knowledge Manager
  • Architect

Prerequisites

It is recommended to have a basic understanding of common cyber security technologies and concepts, including:

  • The OSI model
  • Networking concepts and common security tools
  • Common operating systems such as Windows and Linux
  • Splunk Essentials

Learning Journey

Coming Soon...

  • Introduction
    • The CyberSecurity Defense Analyst
    • CIM, Data Models and Correlation Refresh
    • Lab 1: Introducing the environment
  • Splunk Enterprise Security (ES) for Analysts
    • What is SIEM again?
    • Asset & Identity Framework
    • Threat Intelligence Framework
    • Notable Event Framework
    • Adaptive Response Framework
    • Incident Investigation Management in Splunk ES
    • Lab 2: Pick up an Investigation
  • Risk Analysis Framework
    • Overview
    • Lab 3: Continue your investigation with RBA
  • Working with Splunk SOAR
    • Introducing Splunk SOAR
    • Lab 4: Splunk SOAR practice
  • Threat Hunting with PEAK
    • PEAK Overview
    • Lab 5: Threat Hunting Hands-on
  • Challenge Lab
    • Lab 6: Run your own investigation

Frequently Asked Questions (FAQs)

  • Why get Splunk certified?

    Splunk certifications validate your expertise in data analytics and your proficiency in using the Splunk platform.

    These certifications demonstrate your ability to leverage Splunk's powerful tools for data collection, analysis, and visualization, making you a valuable asset to organizations seeking to gain actionable insights from their data.

    Splunk-certified professionals are in high demand across various industries, including IT, security, and business analytics.

  • What to expect for the examination?

    Splunk offers a variety of certification exams at different levels, covering various domains and products within the Splunk platform.

    Exams typically consist of multiple-choice and scenario-based questions that assess your knowledge and skills in using Splunk to solve real-world problems.

    Note: Certification requirements and policies may be updated by Splunk from time to time. We apologize for any discrepancies; do get in touch with us if you have any questions.

  • How long is Splunk certification valid for?

    All Splunk certifications are valid for three years from the date you pass the highest-level certification exam.

    To maintain your certification, you will need to recertify before it expires. You have three options for recertification:

    - Pursue a higher-level certification (including any required prerequisite courses), in which case your lower-level certifications are also renewed on the date you pass the next-level certification exam.

    - Retake a certification exam within the final year of your recertification window to renew your certifications at that level (and any applicable downstream certifications).

    - Complete continuing education courses at any point in the three-year recertification window, which begins on the date of badge issuance.

  • Why take this course with Trainocate?

    Here’s what sets us apart:

    - Global Reach, Localized Accessibility: Benefit from our geographically diverse training hubs in 24 countries (and counting!).

    - Top-Rated Instructors: Our team of subject matter experts (with high average CSAT and MTM scores) are passionate about helping you accelerate your digital transformation.

    - Customized Training Solutions: Choose from on-site, virtual classrooms, or self-paced learning to fit your organization and individual needs.

    - Experiential Learning: Dive into interactive training with our curated lesson plans. Participate in hands-on labs, solve real-world challenges, and take on comprehensive assessments.

    - Learn From The Best: With 30+ authorized training partnerships and numerous awards from Microsoft, AWS and Google, you are guaranteed to learn from the industry's elite.

    - Your Bridge To Success: We provide up-to-date course materials, helpful exam guides, and dedicated support to validate your expertise and elevate your career.
