This 13.5-hour course prepares architects and systems administrators to install, configure and manage Splunk Enterprise Security. It covers ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customizations.
Course Objectives
Module 1 – ES Introduction
Module 2 – Monitoring and Investigation
Module 3 – Security Intelligence
Module 4 – Forensics, Glass Tables and Navigation Control
Module 5 – ES Deployment
Module 6 – Installation and Configuration
Module 7 – Validating ES Data
Module 8 – Custom Add-ons
Module 9 – Tuning Correlation Searches
Module 10 – Creating Correlation Searches
Module 11 – Lookups and Identity Management
Module 12 – Threat Intelligence Framework