Quién debería asistir
This 13.5-hour course prepares architects and systems administrators to install and configure Splunk Enterprise Security (ES).
Certificaciones
Este curso es parte de las siguientes Certificaciones:
Prerrequisitos
To be successful, students should have a solid understanding of the following courses:
- Using Splunk Enterprise Security (USES)
- Intro to Splunk (ITS)
- Using Fields (SUF)
- Intro to Knowledge Objects (IKO)
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
- Enriching Data with Lookups (EDL)
- Data Models (SDM)
- Splunk Enterprise System Administration (SESA)
- Splunk Enterprise Data Administration (SEDA)
Objetivos del curso
- Provide an overview of Splunk Enterprise Security (ES)
- Customize ES dashboards
- Examine the ES Risk framework and Risk-based Alerting (RBA)
- Customize the Investigation Workbench
- Understand initial ES installation and configuration
- Manage data intake and normalization for ES
- Create and tune correlation searches
- Configure ES lookups
- Configure Assets & Identities and Threat Intelligence
Contenido del curso
The course covers ES event processing and normalization, deployment requirements, technology add-ons, dashboard dependencies, data models, managing risk, and customizing threat intelligence.
Please note that this class may run over three days, with 4.5 hour sessions each day, to achieve the full nine hours of course content.