Using Splunk Enterprise Security (USES)

Price
$1,500.00 USD

Duration
3 Days

 

Delivery Methods
Virtual Instructor Led
Private Group

Request More Information
Download Course Details
Course Details Only
Course Details & Schedule
Skip to Class Dates

Course Overview

This course prepares security practitioners to use Splunk Enterprise Security (ES). Students identify and track incidents, analyze security risks, use predictive analytics, and discover threats.

Course Objectives

  • ES concepts, features, and capabilities
  • Assets and identities
  • Security monitoring and Incident investigation
  • Use risk-based alerting and risk analysis
  • Use investigation workbench, timelines, list and summary tools
  • Detecting known types of threats
  • Monitoring for new types of threats
  • Using analytical tools
  • Analyze user behavior for insider threats
  • Use threat intelligence tools
  • Use protocol intelligence and live stream data
    • Top-rated instructors: Our crew of subject matter experts have an average instructor rating of 4.8 out of 5 across thousands of reviews.
    • Authorized content: We maintain more than 35 Authorized Training Partnerships with the top players in tech, ensuring your course materials contain the most relevant and up-to date information.
    • Interactive classroom participation: Our virtual training includes live lectures, demonstrations and virtual labs that allow you to participate in discussions with your instructor and fellow classmates to get real-time feedback.
    • Post Class Resources: Review your class content, catch up on any material you may have missed or perfect your new skills with access to resources after your course is complete.
    • Private Group Training: Let our world-class instructors deliver exclusive training courses just for your employees. Our private group training is designed to promote your team’s shared growth and skill development.
    • Tailored Training Solutions: Our subject matter experts can customize the class to specifically address the unique goals of your team.

    Course Prerequisites

    There are no prerequisites for this course.

    Agenda

    1 - Getting Started with ES

    • Describe the features and capabilities of Splunk Enterprise Security (ES)
    • Explain how ES helps security practitioners prevent, detect, and respond to threats
    • Describe correlation searches, data models, and notable events
    • Describe user roles in ES
    • Log into Splunk Web and access Splunk for Enterprise Security

    2 - Security Monitoring and Incident Investigation

    • Use the Security Posture dashboard to monitor ES status
    • Use the Incident Review dashboard to investigate notable events
    • Take ownership of an incident and move it through the investigation workflow
    • Create notable events
    • Suppress notable events

    3 - Risk-Based Alerting

    • Give an overview of Risk-Based Alerting
    • View Risk Notables and risk information on the Incident Review dashboard
    • Explain risk scores and how to change an object’s risk score
    • Review the Risk Analysis dashboard
    • Describe annotations
    • Describe the process for retrieving LDAP data for an asset or identity lookup

    4 - Investigations

    • Use investigations to manage incident response activity
    • Use the Investigation Workbench to manage, visualize and coordinate incident investigations
    • Add various items to investigations (notes, action history, collaborators, events, assets, identities, files and URLs)
    • Use investigation timelines, lists and summaries to document and review breach analysis and mitigation efforts

    6 - Using Security Domain Dashboards

    • Use ES to inspect events containing information relevant to active or past incident investigation
    • Identify security domains in ES
    • Use ES security domain dashboards
    • Launch security domain dashboards from Incident Review and from action menus in search results

    6 - Web Intelligence

    • Use the web intelligence dashboards to analyze your network environment
    • Filter and highlight events

    7 - User Intelligence

    • Evaluate the level of insider threat with the user activity and access anomaly dashboards
    • Understand asset and identity concepts
    • Use the Asset and Identity Investigators to analyze events
    • Use the session center for identity resolution
    • Discuss Splunk User Behavior Analytics (UBA) integration

    8 - Threat Intelligence

    • Give an overview of the Threat Intelligence framework and how threat intel is configured in ES
    • Use the Threat Activity dashboard to see which threat sources are interacting with your environment
    • Use the Threat Artifacts dashboard to examine the status of threat intelligence information in your environment

    9 - Protocol Intelligence

    • Explain how network data is input into Splunk events
    • Describe stream events
    • Give an overview of the Protocol Intelligence dashboards and how they can be used to analyze network data
     

    Upcoming Class Dates and Times

    May 30, 31
    8:00 AM - 4:00 PM
    ENROLL $1,500.00 USD

    Virtual: Online - CST
     



    Do You Have Additional Questions? Please Contact Us Below.

    contact us contact us 
     
    Contact Us about Starting Your Business Training Strategy with New Horizons