Administering Splunk Enterprise Security

Course Objectives
 

Module 1 – ES Introduction 

• Overview of ES features and concepts

Module 2 – Monitoring and Investigation 

• Security Posture
• Incident Review
• Notable events management

Module 3 – Security Intelligence 

• Overview of security intel tools

Module 4 – Forensics, Glass Tables and Navigation Control 

• Explore forensics dashboards
• Examine glass tables
• Configure navigation and dashboard permissions

Module 5 – ES Deployment 

• Identify deployment topologies
• Examine the deployment checklist
• Understand indexing strategy for ES
• Understand ES Data Models

Module 6 – Installation and Configuration 

• Prepare a Splunk environment for installation
• Download and install ES on a search head
• Test a new install
• Understand ES Splunk user accounts and roles
• Post-install configuration tasks

Module 7 – Validating ES Data

• Plan ES inputs
• Configure technology add-ons

Module 8 – Custom Add-ons

• Design a new add-on for custom data
• Use the Add-on Builder to build a new add-on

Module 9 – Tuning Correlation Searches 

• Configure correlation search scheduling and sensitivity
• Tune ES correlation searches

Module 10 – Creating Correlation Searches 

• Create a custom correlation search
• Configuring adaptive responses
• Search export/import

Module 11 – Lookups and Identity Management 

• Identify ES-specific lookups
• Understand and configure lookup lists

Module 12 – Threat Intelligence Framework 

• Understand and configure threat intelligence
• Configure user activity analysis