Course Description

This course focuses on searching and reporting commands as well as on the creation of knowledge objects. Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data with the Common Interface Model (CIM).

Instructor-led Training Schedule
 Start Date  Start Time  Time Zone
27-Jun-18 09:00 AM (GMT+02:00) Cairo
View Schedule

Course Prerequisites

  • Splunk Fundamentals 1
  • Splunk Fundamentals 2
  • Splunk System Administration
  • Splunk Data Administration
  • Architecting Splunk Enterprise Deployments


Course Topics

  • Transforming commands and visualization
  • Filtering and formatting 
  • Results
  • Correlating events
  • Knowledge objects
  • Fields (Field aliases, field extractions, calculated fields)
  • Tags and event types
  • Macros
  • Workflow actions
  • Data models
  • Splunk Common Information Model (CIM)
Course Objectives

Module 1 – ES Introduction 

  • Overview of ES features and concepts

Module 2 – Monitoring and Investigation 

  • Security Posture
  • Incident Review
  • Notable events management

Module 3 – Security Intelligence 

  • Overview of security intel tools

Module 4 – Forensics, Glass Tables and Navigation Control 

  • Explore forensics dashboards
  • Examine glass tables
  • Configure navigation and dashboard permissions

Module 5 – ES Deployment 

  • Identify deployment topologies
  • Examine the deployment checklist
  • Understand indexing strategy for ES
  • Understand ES Data Models

Module 6 – Installation and Configuration 

  • Prepare a Splunk environment for installation
  • Download and install ES on a search head
  • Test a new install
  • Understand ES Splunk user accounts and roles
  • Post-install configuration tasks

Module 7 – Validating ES Data

  • Plan ES inputs
  • Configure technology add-ons

Module 8 – Custom Add-ons

  • Design a new add-on for custom data
  • Use the Add-on Builder to build a new add-on

Module 9 – Tuning Correlation Searches 

  • Configure correlation search scheduling and sensitivity
  • Tune ES correlation searches

Module 10 – Creating Correlation Searches 

  • Create a custom correlation search
  • Configuring adaptive responses
  • Search export/import

Module 11 – Lookups and Identity Management 

  • Identify ES-specific lookups
  • Understand and configure lookup lists

Module 12 – Threat Intelligence Framework 

  • Understand and configure threat intelligence
  • Configure user activity analysis