- Free Courses
-
Learning Paths
- Courses for Users
- Courses for Splunk Administrators
- Courses for Splunk Cloud Customers
-
Courses for Splunk Architects
- Overview
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Creating Dashboards with Splunk
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Architecting Splunk Enterprise Deployments
- Administering Splunk Enterprise Security
- Courses for App Developers
-
Courses for Enterprise Security Administrators
- Overview
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Creating Dashboards with Splunk
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Architecting Splunk Enterprise Deployments
- Administering Splunk Enterprise Security
- Courses for Enterprise Security End-Users
- Courses for IT Service Intelligence Administrators
- Courses for IT Service Intelligence End-Users
- Courses for Phantom Customers
-
Certification Tracks
- Splunk Core Certified User
- Splunk Core Certified Power User
- Splunk Core Certified Advanced Power User
- Splunk Enterprise Certified Admin
- Splunk Enterprise Certified Architect
- Splunk Certified Developer
- Splunk Enterprise Security Certified Admin
- Splunk IT Service Intelligence Certified Admin
-
Splunk Core Certified Consultant
- Overview
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Architecting Splunk Enterprise Deployments
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Splunk Enterprise Practical Lab
- Splunk Fundamentals 3
- Creating Dashboards with Splunk
- Advanced Searching and Reporting
-
Courses
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Creating Dashboards with Splunk
- Advanced Dashboards and Visualizations
- Building Splunk Apps
- Splunk for Analytics and Data Science
- Splunk Infrastructure Overview
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Splunk Cloud Administration
- Architecting Splunk Enterprise Deployments
- Splunk Enterprise Practical Lab
- Developing with Splunk's REST API
- Administering Splunk Enterprise Security
- Using Splunk Enterprise Security
- Implementing Splunk IT Service Intelligence
- Using Splunk IT Service Intelligence
- Splunk User Behavior Analytics
- Administering Phantom
- Developing Phantom Playbooks
- Working with Metrics in Splunk
- Implementing Splunk SmartStore
- Splunk Workload Management
-
Videos
- All Videos
- Splunk Cloud Tutorial
- Installing Splunk Enterprise on Linux
- Installing Splunk Enterprise on Windows
- Getting Data In to Splunk Enterprise (Linux)
- Getting Data In (Windows)
- Getting Data In with Forwarders
- Basic Search in Splunk Enterprise
- Create a Dashboard in Splunk Enterprise
- Splunk Certification Candidate Journey
- Creating Alerts in Splunk Enterprise
-
- Certification Exams
- Program Guide + FAQ
- Download Fact Sheet
Course Description
This 13.5 hour course prepares architects and systems administrators to install, configure and manage Splunk Enterprise Security. It covers ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customizations.
Instructor-led Training Schedule
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk System Administration
- Splunk Data Administration
- Architecting Splunk Enterprise Deployments (recommended but not required)
- Transforming commands and visualization
- Filtering and formatting
- Results
- Correlating events
- Knowledge objects
- Fields (Field aliases, field extractions, calculated fields)
- Tags and event types
- Macros
- Workflow actions
- Data models
- Splunk Common Information Model (CIM)
Course Objectives
- Overview of ES features and concepts
- Security Posture
- Incident Review
- Notable events management
- Overview of security intel tools
- Explore forensics dashboards
- Examine glass tables
- Configure navigation and dashboard permissions
- Identify deployment topologies
- Examine the deployment checklist
- Understand indexing strategy for ES
- Understand ES Data Models
- Prepare a Splunk environment for installation
- Download and install ES on a search head
- Test a new install
- Understand ES Splunk user accounts and roles
- Post-install configuration tasks
- Plan ES inputs
- Configure technology add-ons
- Design a new add-on for custom data
- Use the Add-on Builder to build a new add-on
- Configure correlation search scheduling and sensitivity
- Tune ES correlation searches
- Create a custom correlation search
- Configuring adaptive responses
- Search export/import
- Identify ES-specific lookups
- Understand and configure lookup lists
- Understand and configure threat intelligence
- Configure user activity analysis