
This course is for ES Administrators and Engineers. This 13.5-hour instructor-led course enables SOC Engineers to use Splunk's Enterprise Security SIEM for detection engineering, incident response, automation, asset and identity configuration, and threat intelligence management. Other topics include ES event processing and normalization, managing risk, data models, deployment requirements, technology add-ons, and dashboard dependencies.

What You'll Learn

  • Provide an overview of Splunk Enterprise Security (ES)
  • Customize ES dashboards
  • Examine the ES Risk framework and Risk-based Alerting (RBA)
  • Customize the Investigation Workbench
  • Understand initial ES installation and configuration
  • Manage data intake and normalization for ES
  • Create and tune correlation searches
  • Configure ES lookups
  • Configure Assets & Identities and Threat Intelligence

Who Should Attend

  • SOC Analyst
  • SOC Engineer

Prerequisites

To be successful, students should have a solid understanding of the following courses:

  • Using Splunk Enterprise Security
  • What is Splunk?
  • Intro to Splunk
  • Using Fields
  • Introduction to Knowledge Objects
  • Creating Knowledge Objects
  • Creating Field Extractions
  • Enriching Data with Lookups
  • Data Models
  • Splunk Enterprise System Administration
  • Splunk Enterprise Data Administration

Learning Journey

Coming Soon...

Module 1 - Introduction to Enterprise Security

  • Explain the function of a SIEM
  • Give an overview of Splunk’s Enterprise Security (ES)
  • Describe detections and findings
  • Configure ES roles and permissions
  • Give an overview of ES navigation

Module 2 - Customizing the Analyst Queue and findings

  • Give an overview of the Analyst Queue
  • Create and use Analyst Queue Views
  • Customize the Analyst Queue
  • Modify Urgency
  • Create new Status values
  • Add fields to Finding attributes
  • Create ad hoc Findings
  • Suppress Findings

Module 3 - Working with Investigations

  • Give an overview of an investigation
  • Use and create Response Plans
  • Add Splunk events to an investigation
  • Use Playbooks and Actions

Module 4 - Asset & Identity Management

  • Review the Asset and Identity Management interface
  • Describe Asset and Identity KV Store collections
  • Configure and add asset and identity lookups to the interface
  • Configure settings and fields for asset and identity lookups
  • Explain the asset and identity merge process
  • Describe the process for retrieving LDAP data for an asset or identity lookup

Module 5 - Data Normalization

  • Understand how ES uses accelerated data models
  • Verify data is correctly configured for use in ES
  • Validate normalization configurations
  • Install additional add-ons
  • Ingest custom data in ES
  • Create an add-on for a custom sourcetype
  • Describe add-on troubleshooting

Module 6 - Detection Engineering

  • Give an overview of how to create Event-based detections
  • Review the Detection Editor
  • Give an overview of how to create Finding-based detections

Module 7 - Risk-Based Alerting

  • Give an overview of Risk-Based Alerting (RBA)
  • Explain risk scores and how they can be changed by detections or manually
  • Review the Risk analysis dashboard
  • Understand Finding-based detections
  • Describe annotations
  • View risk information in Analyst Queue findings

Module 8 - Managing Threat Intelligence

  • Understand and configure threat intelligence
  • Use the Threat Intelligence interface to configure threat lists
  • Configure new threat lists

Module 9 - Post-Deployment Configuration

  • Give an overview of general ES install requirements
  • Explain the different add-ons and where they are installed
  • Provide ES pre-installation requirements
  • Describe the Splunk_TA_ForIndexers app and where it is installed
  • Set general configuration options
  • Configure local and cloud domain information
  • Work with the Incident Review KV Store
  • Customize navigation
  • Configure Key Indicator searches


Frequently Asked Questions (FAQs)

  • Why get Splunk certified?

    Splunk certifications validate your expertise in data analytics and your proficiency in using the Splunk platform.

    These certifications demonstrate your ability to leverage Splunk's powerful tools for data collection, analysis, and visualization, making you a valuable asset to organizations seeking to gain actionable insights from their data.

    Splunk-certified professionals are in high demand across various industries, including IT, security, and business analytics.

  • What to expect for the examination?

    Splunk offers a variety of certification exams at different levels, covering various domains and products within the Splunk platform.

    Exams typically consist of multiple-choice and scenario-based questions that assess your knowledge and skills in using Splunk to solve real-world problems.

    Note: Certification requirements and policies may be updated by Splunk from time to time. We apologize for any discrepancies; do get in touch with us if you have any questions.

  • How long is Splunk certification valid for?

    All Splunk certifications are valid for three years from the date of passing the highest-level certification exam.

    To maintain your certification, you will need to recertify before it expires. You have three options for recertification:

    - Pursue a higher-level certification (including any required prerequisite courses), in which case your lower-level certifications would also be renewed on the date of passing the next-level certification exam.

    - Retake a certification exam within the final year of your recertification window to renew your certifications at that level (and any applicable downstream certifications).

    - Complete continuing education courses at any point in the three-year recertification window, beginning on the date of badge issuance.


  • Why take this course with Trainocate?

    Here’s what sets us apart:

    - Global Reach, Localized Accessibility: Benefit from our geographically diverse training hubs in 24 countries (and counting!).

    - Top-Rated Instructors: Our team of subject matter experts (with high average CSAT and MTM scores) are passionate about helping you accelerate your digital transformation.

    - Customized Training Solutions: Choose from on-site, virtual classrooms, or self-paced learning to fit your organization and individual needs.

    - Experiential Learning: Dive into interactive training with our curated lesson plans. Participate in hands-on labs, solve real-world challenges, and take on comprehensive assessments.

    - Learn From The Best: With 30+ authorized training partnerships and countless awards from Microsoft, AWS, Google – you're guaranteed learning from the industry's elite.

    - Your Bridge To Success: We provide up-to-date course materials, helpful exam guides, and dedicated support to validate your expertise and elevate your career.
