Course Description

This 13.5 hour course prepares consultants to install and configure Splunk's app for IT Service Intelligence (ITSI). Students will learn to use ITSI to monitor mission-critical services. Topics include ITSI architecture, deployment planning, installation, service design and implementation, configuring entities, notable events, and developing glass tables and deep dives.

Instructor-led Training Schedule
 Start Date  Start Time  Time Zone
03-Jan-18 09:00 AM (GMT-08:00) Pacific Time (US & Canada)
08-Jan-18 09:00 AM (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London
17-Jan-18 09:00 AM (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London
17-Jan-18 09:00 AM (GMT-08:00) Pacific Time (US & Canada)
24-Jan-18 09:00 AM (GMT-05:00) Eastern Time (US & Canada)
View Schedule

Course Topics

  • Overview of ITSI features
  • ITSI architecture and deploymentInstalling ITSI
  • Designing and implementing services and entities
  • Configuring correlation searches and notable events
  • Creating deep dive pages
  • Creating glass tables
  • ITSI troubleshooting
Course Objectives

Module 1 -  Introducing ITSI

  • Define key service intelligence conceptsIdentify ITSI features
  • Explain the role of the common information model in ITSI
  • Examine the ITSI user interface


Module 2 - Installing and Configuring ITSI

  • List ITSI hardware recommendations
  • Describe ITSI deployment optionsIdentify ITSI components
  • Describe the installation procedure
  • Identify data input options for ITSI
  • Add custom data to an ITSI deployment

Module 3 - Designing Services

  • Given customer requirements, plan an ITSI implementation
  • Use a data audit to identify service key performance indicators
  • Identify site entities

Module 4 - Implementing Services

  • Use a service design to implement services in ITSI
  • Create KPIs with static and adaptive thresholds
  • Use time policies to define flexible thresholds
  • Use anomaly detection


Module 5 - Risk and Network Analysis

  • Understand and use Risk Analysis
  • Use the Risk Analysis dashboard
  • Assign risk scores

Module 6 - Web Intelligence

  • Use HTTP Category Analysis, HTTP User Agent Analysis, New Domain Analysis, and Traffic Size Analysis to spot new threats
  • Filter and highlight events

Module 7 - User Intelligence

  • Evaluate the level of insider threat with the user activity and access anomaly dashboards
  • Understand asset and identity concepts
  • Use the Asset Investigator to analyze events related to an asset
  • Use the Identity Investigator to analyze events related to an identity
  • Examine asset and identity lookup tables

Module 8 - Threat Intelligence

  • Use the Threat Activity dashboard to analyze traffic to or from known malicious sites
  • Inspect the status of your threat intelligence content with the threat artifact dashboard

Module 9 - Protocol Intelligence

  • Use ES predictive analytics to make forecasts and view trends


Module 10 - Glass Tables

  • Build glass tables to display security status information
  • Create new key indicators for metrics on glass tables