Administering Splunk Enterprise Security (ASES)

Price
$1,500.00 USD

Duration
2 Days

 

Delivery Methods
Virtual Instructor Led
Private Group

Course Overview

This course covers ES event processing and normalization, deployment requirements, technology add-ons, dashboard dependencies, data models, managing risk, and customizing threat intelligence.

Course Objectives

  • Examine how ES functions including data models, correlation searches, notable events, and dashboards
  • Review risk-based alerting
  • Customize the Investigation Workbench
  • Learn how to install or upgrade ES
  • Fine-tune ES Global Settings
  • Learn the steps for setting up inputs using technology add-ons
  • Create custom correlation searches
  • Customize assets and identities
  • Configure threat intelligence

Who Should Attend?

This course prepares architects and systems administrators to install and configure Splunk Enterprise Security (ES).
  • Top-rated instructors: Our crew of subject matter experts have an average instructor rating of 4.8 out of 5 across thousands of reviews.
  • Authorized content: We maintain more than 35 Authorized Training Partnerships with the top players in tech, ensuring your course materials contain the most relevant and up-to-date information.
  • Interactive classroom participation: Our virtual training includes live lectures, demonstrations and virtual labs that allow you to participate in discussions with your instructor and fellow classmates to get real-time feedback.
  • Post Class Resources: Review your class content, catch up on any material you may have missed or perfect your new skills with access to resources after your course is complete.
  • Private Group Training: Let our world-class instructors deliver exclusive training courses just for your employees. Our private group training is designed to promote your team’s shared growth and skill development.
  • Tailored Training Solutions: Our subject matter experts can customize the class to specifically address the unique goals of your team.

Agenda

1 - Introduction to ES

  • Review how ES functions
  • Understand how ES uses data models
  • Configure ES roles and permissions

2 - Security Monitoring

  • Customize the Security Posture and Incident Review dashboards
  • Create ad hoc notable events
  • Create notable event suppressions

3 - Risk-Based Alerting

  • Give an overview of risk-based alerting
  • View Risk Notables and risk information on the Incident Review dashboard
  • Explain risk scores and how an ES admin can change an object's risk score
  • Review the Risk Analysis dashboard
  • Describe annotations

4 - Incident Investigation

  • Review the Investigations dashboard
  • Customize the Investigation Workbench
  • Manage investigations

5 - Installation

  • Prepare a Splunk environment for installation
  • Download and install ES on a search head
  • Test a new install
  • Post-install configuration tasks

6 - Initial Configuration

  • Set general configuration options
  • Add external integrations
  • Configure local domain information
  • Customize navigation
  • Configure Key Indicator searches

7 - Validating ES Data

  • Verify data is correctly configured for use in ES
  • Validate normalization configurations
  • Install additional add-ons

8 - Custom Add-ons

  • Design a new add-on for custom data
  • Use the Add-on Builder to build a new add-on

9 - Tuning Correlation Searches

  • Configure correlation search scheduling and sensitivity
  • Tune ES correlation searches

10 - Creating Correlation Searches

  • Create a custom correlation search
  • Manage adaptive responses
  • Export/import content

11 - Asset & Identity Management

  • Review the Asset and Identity Management interface
  • Describe Asset and Identity KV Store collections
  • Configure and add asset and identity lookups to the interface
  • Configure settings and fields for asset and identity lookups
  • Explain the asset and identity merge process
  • Describe the process for retrieving LDAP data for an asset or identity lookup

12 - Threat Intelligence Framework

  • Understand and configure threat intelligence
  • Use the Threat Intelligence Management interface to configure a new threat list
 

Upcoming Class Dates and Times

Apr 17, 18, 19
9:00 AM - 1:30 PM