Skip to main content

SPLUNK TRAINING + CERTIFICATION

Administering Splunk Enterprise Security

QUICK LINKS   

My Training Profile | Splunk Education Student Handbook

Course Description

This 13.5 hour course prepares architects and systems administrators to install, configure and manage Splunk Enterprise Security. It covers ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customizations.

Download Course Description

Instructor-led Training Schedule

View Schedule

Course Prerequisites

  • Splunk Fundamentals 1
  • Splunk Fundamentals 2
  • Splunk System Administration
  • Splunk Data Administration
  • Architecting Splunk Enterprise Deployments (recommended but not required)

Course Topics

  • Monitoring and Investigation
  • Security Intelligence  
  • Forensics, Glass Tables and Navigation Control  
  • ES Deployment  
  • Installation and Configuration  
  • Validating ES Data 
  • Custom Add-ons 
  • Tuning Correlation Searches  
  • Creating Correlation Searches  
  • Lookups and Identity Management 
  • Threat Intelligence Framework 

Course Objectives

Module 1 – ES Introduction 
  • Overview of ES features and concepts
 
Module 2 – Monitoring and Investigation 
  • Security Posture
  • Incident Review
  • Notable events management
 
Module 3 – Security Intelligence 
  • Overview of security intel tools
 
Module 4 – Forensics, Glass Tables and Navigation Control 
  • Explore forensics dashboards
  • Examine glass tables
  • Configure navigation and dashboard permissions
 
Module 5 – ES Deployment 
  • Identify deployment topologies
  • Examine the deployment checklist
  • Understand indexing strategy for ES
  • Understand ES Data Models
 
Module 6 – Installation and Configuration 
  • Prepare a Splunk environment for installation
  • Download and install ES on a search head
  • Test a new install
  • Understand ES Splunk user accounts and roles
  • Post-install configuration tasks

 

Module 7 – Validating ES Data
  • Plan ES inputs
  • Configure technology add-ons

 

Module 8 – Custom Add-ons
  • Design a new add-on for custom data
  • Use the Add-on Builder to build a new add-on
 
Module 9 – Tuning Correlation Searches 
  • Configure correlation search scheduling and sensitivity
  • Tune ES correlation searches
 
Module 10 – Creating Correlation Searches 
  • Create a custom correlation search
  • Configuring adaptive responses
  • Search export/import
 
Module 11 – Lookups and Identity Management 
  • Identify ES-specific lookups
  • Understand and configure lookup lists
 
Module 12 – Threat Intelligence Framework 
  • Understand and configure threat intelligence
  • Configure user activity analysis
PLATFORM
PLATFORM
SECURITY
SECURITY
IT OPERATIONS & DEVOPS
IT OPERATIONS & DEVOPS
SOLUTIONS BY INITIATIVE
SOLUTIONS BY INITIATIVE
SOLUTIONS BY FUNCTION
SOLUTIONS BY FUNCTION
SOLUTIONS BY INDUSTRY
SOLUTIONS BY INDUSTRY
WHY SPLUNK?
WHY SPLUNK?
SUPPORT
SUPPORT
RESOURCES
RESOURCES
FOR DEVELOPERS
FOR DEVELOPERS
COMPANY
COMPANY
SPLUNK SITES
SPLUNK SITES
Sitemap
Privacy
Website Terms of Use
Splunk Licensing Terms
Export Control
Modern Slavery Statement
Splunk Patents

© 2005-2021 Splunk Inc. All rights reserved.

Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.