Splunkのトレーニング + 認定
Administering Phantom
- 無料コース
-
ラーニングパス
- ユーザー向けコース
- Splunk 管理者向けコース
- Splunk Cloud お客様向けコース
-
Splunk アーキテクト向けコース
- 概要
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Creating Dashboards with Splunk
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Architecting Splunk Enterprise Deployments
- Administering Splunk Enterprise Security
- アプリケーション開発者向けコース
- Enterprise Security 管理者向けコース
- Enterprise Security エンドユーザー向けコース
- IT Service Intelligence 管理者向けコース
- IT Service Intelligence エンドユーザー向けコース
- Phantom のお客様向けコース
-
認定トラック
- Splunk Core Certified User
- Splunk Core Certified Power User
- Splunk Enterprise Certified Architect
- Splunk Enterprise Certified Admin
- Splunk Certified Developer
- Splunk Enterprise Security Certified Admin
- Splunk IT Service Intelligence Certified Admin
-
Splunk Core Certified Consultant
- 概要
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Architecting Splunk Enterprise Deployments
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Splunk Enterprise Practical Lab
- Creating Dashboards with Splunk
- Advanced Searching and Reporting
-
コース
- Splunk Fundamentals 1
- Splunk Fundamentals 2
- Splunk Fundamentals 3
- Advanced Searching and Reporting
- Creating Dashboards with Splunk
- Advanced Dashboards and Visualizations
- Building Splunk Apps
- Splunk for Analytics and Data Science
- Splunk Infastructure Overview
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
- Troubleshooting Splunk Enterprise
- Splunk Enterprise Cluster Administration
- Splunk Cloud Administration
- Architecting Splunk Enterprise Deployments
- Splunk Deployment Practical Lab
- Developing with Splunk's REST API
- Administering Splunk Enterprise Security
- Using Splunk Enterprise Security
- Implementing Splunk IT Service Intelligence
- Using Splunk IT Service Intelligence
- Splunk User Behavior Analytics
- Administering Phantom
- Working with Metrics in Splunk
- Developing Phantom Playbooks
- Implementing Splunk SmartStore
- Splunk Workload Management
-
ビデオ
- All Videos
- Splunk Cloud Tutorial
- Installing Splunk Enterprise on Linux
- Installing Splunk Enterprise on Windows
- Getting Data In to Splunk Enterprise (Linux)
- Getting Data In (Windows)
- Getting Data In with Forwarders
- Basic Search in Splunk Enterprise
- Create a Dashboard in Splunk Enterprise
- Splunk Certification Candidate Journey
- Creating Alerts in Splunk Enterprise
- Program Guide + FAQ
-
- ファクトシートをダウンロード
Course Description
This course prepares IT and security practitioners to install, configure and
use a Phantom server in their environment and will prepare developers to attend
the playbook development course.
Instructor-led Training Schedule
Course Prerequisites
Classes:
- None
Course Topics
- Phantom topics and concepts
- Installation
- Initial configuration
- Apps and assets
- User management
- Ingesting data
- Events and containers
- Mission control
- Running actions and playbooks
- Case management
- Case workflows
- Multi tenancy
- Clustering
Course Objectives
Module 1 – Introduction & Concepts
- Describe Phantom operating concepts
- Identify documentation and community resources
- Identify installation options
- Perform initial configuration
- Configure multi tenancy to enable use of Phantom by multiple teams
Module 2 – Installation
- Deployment planning
- Pre-installation steps
- Identify installation options
- Upgrading Phantom
Module 3 – Initial Configuration
- Product settings
- Access control
- Authentication settings
- Response settings
Module 4 – Apps and Assets
- Describe how apps and assets work in Phantom
- Add and configure new apps
- Configure assets
Module 5 – Data Ingestion
- Assets as data sources
- Configuring data polling
- Labels and tags
- Data ingestion management
- Event settings
Module 6 – Containers and Events
- Work with the analyst queue
- Filtering and sorting
- Using search
- Container export and import
- Aggregation settings
Module 7 – Mission Control
- Use Mission Control to work on events
- Use indicators to find matching artifacts in multiple events
- Manually run actions and examine action results
- Manually run playbooks
- Use the vault to store related files
- Using the heads-up display
- Using notes
Module 8 – Case Management and Workflows
- Use case management for complex investigations
- Use case workflows
- Define new workflows
- Customize case management
Module 9 – Multi tenancy and Clustering
- Define clustering best practices
- Configure multi-server Phantom clusters
- Configure multi-tenancy
Module 10 – Maintenance and reporting
- Run reports
- Use Phantom audit tools
- Monitor system health