Splunk Enterprise Security Certified Admin


Authors: Joe Abraham, Muhammad Awan

A Splunk Enterprise Security (ES) Admin manages a Splunk Enterprise Security environment, including ES event processing and normalization, deployment requirements, technology...

What you will learn

  • Review of the features and concepts of Splunk Enterprise Security
  • Configure Splunk ES dashboards to reveal insights, monitor, and investigate
  • Manage Splunk Enterprise Security dashboards
  • Deploy Splunk Enterprise Security to your SOC environment
  • Install and Configure Splunk Enterprise Security
  • Customize Splunk Enterprise Security data
  • Create custom add-ons to enhance visibility
  • Tune correlation searches for use in Splunk Enterprise Security
  • Create correlation searches for use in Splunk ES
  • Add context to data using lookups and identities
  • Deploy Splunk ES security intelligence tools
  • Use the Splunk threat intelligence framework

Prerequisites

  • Splunk Fundamentals 1
  • Splunk Fundamentals 2
  • Splunk System Administration
  • Splunk Data Administration

Splunk Enterprise Security Certified Admin

In this section, you will learn to install, configure, and manage Splunk Enterprise Security.

Splunk Enterprise Security: Big Picture

by Joe Abraham

Mar 31, 2020 / 51m

Description

Splunk Enterprise Security (ES) solves many problems that we face inside SOC environments today. It helps to streamline investigations, perform automated correlation, and give intelligence to your team in a useful interface. In this course, Splunk Enterprise Security: Big Picture, you will develop an understanding of how Splunk Enterprise Security fits into your organization and assists your cyber security team. First, you will learn what Splunk Enterprise Security is and does. Next, you will discover how the useful features that Splunk ES provides will help transform your operations. Finally, you will explore the many use cases of Splunk ES and how it would be used in your environment. When you are finished with this course, you will have the skills and knowledge of Splunk ES needed to fully understand its capabilities and features.

Table of contents
  1. Course Overview
  2. Learning About Splunk Enterprise Security
  3. Understanding Splunk Enterprise Security Features
  4. Using Splunk Enterprise Security

Planning, Deploying, and Configuring Splunk Enterprise Security

by Joe Abraham

May 22, 2020 / 1h 34m

Description

Splunk Enterprise Security (ES) solves many problems within our SOCs, including efficient operations. In this course, Planning, Deploying, and Configuring Splunk Enterprise Security, you’ll learn how to get this application installed and configured quickly. First, you’ll explore the design process and learn about all of the design considerations in a Splunk ES deployment. Next, you’ll discover how to prepare your environment for a Splunk Enterprise Security deployment. Finally, you’ll learn how to configure the tool and all of the applicable data modifications you’ll need to make. When you’re finished with this course, you’ll have the skills and knowledge of Splunk Enterprise Security needed to get it up and running.

Table of contents
  1. Course Overview
  2. Designing a Splunk Enterprise Security Deployment
  3. Planning and Preparing for Splunk Enterprise Security
  4. Configuring Splunk Enterprise Security

Managing Splunk Enterprise Security Data and Dashboards

by Joe Abraham

Jul 23, 2020 / 2h 20m

Description

Splunk Enterprise Security (ES) solves many problems within our SOCs, including efficient operations. In this course, Managing Splunk Enterprise Security Data and Dashboards, you’ll learn how to get the data usable for Splunk Enterprise Security and see how it can add to the function and uses of dashboards and features within the application. First, you’ll learn about the data ingestion and work through examples taking data and making it CIM-compatible for use for specific dashboards and features. Next, you’ll discover how to manage the dashboards that are available to you and how to modify them and the data to correspond to each other. Finally, you’ll learn how to configure and use features like the glass tables, forensics and investigation dashboards, and others. When you’re finished with this course, you’ll have the skills and knowledge of Splunk Enterprise Security needed to start ingesting data and administering it appropriately.

Table of contents
  1. Course Overview
  2. Configuring Data Inputs for Splunk Enterprise Security
  3. Examining Security Posture and Metrics
  4. Managing the Incident Review Dashboard
  5. Exploring Additional Dashboards and Features
  6. Managing Investigations in Splunk Enterprise Security

Designing and Creating Add-ons for Splunk Enterprise Security

by Joe Abraham

Sep 29, 2020 / 1h 38m

Description

Splunk Enterprise Security (ES) solves many problems within our SOCs, including efficient operations. In this course, Designing and Creating Add-ons in Splunk Enterprise Security, you’ll learn how to design an add-on based on use cases and the data, as well as how to build it. First, you’ll learn about the data sources and see how to configure them for ingestion into Splunk. Next, you’ll learn about the Splunk Add-on Builder and walk through its workflow, then design and create an add-on in Splunk. Finally, you’ll learn how to validate the add-ons to ensure that they align with best practices and recommendations. When you’re finished with this course, you’ll have the skills and knowledge of Splunk Enterprise Security needed to build add-ons for new data sources to use within Splunk Enterprise Security.

Table of contents
  1. Course Overview
  2. Understanding and Configuring Data Sources for Splunk Enterprise Security
  3. Exploring the Splunk Add-on Builder
  4. Designing a Custom Splunk Add-on
  5. Creating a Splunk Add-on
  6. Validating a Splunk Add-on

Tuning and Creating Correlation Searches in Splunk Enterprise Security

by Muhammad Awan

Feb 6, 2020 / 2h 43m

Description

Splunk Enterprise Security uses correlation searches to provide visibility into security-related threats and vulnerabilities, and generates notable events to track identified threats. In this course, Tuning and Creating Correlation Searches in Splunk Enterprise Security, you will gain the ability to create and tune correlation searches in Splunk Enterprise Security. First, you will learn how to tune and customize the available correlation searches in Splunk Enterprise Security, as well as how to plan, create, and deploy custom correlation searches specific to your environment. Next, you will discover ES-specific lookups and learn how to create and customize them. Finally, you will explore how to set up and manage assets and identities in Splunk ES for data enrichment purposes. When you are finished with this course, you will have the skills and knowledge of tuning and creating correlation searches needed to administer the incident management and asset and identity frameworks of Splunk Enterprise Security.

Table of contents
  1. Course Overview
  2. The Anatomy and Functions of Correlation Searches
  3. Tuning Correlation Searches
  4. Creating Correlation Searches
  5. Importing and Exporting Correlation Searches
  6. Implementing ES-specific Lookups and Managing Identities
  7. Summary

Configuring Threat Intelligence in Splunk Enterprise Security

Coming Soon

by Joe Abraham