Using Splunk Mission Control (USMC) – Outline

Outline detalhado do curso

Topic 1 - Splunk Mission Control Overview

  • Introduce Splunk Mission Control
  • Discuss features and capabilities
  • Identify benefits to security teams
  • Review the overall architecture

Topic 2 - Triage, Investigate, & Respond

  • Triage, Investigate, & Respond
  • Search for notables and filter the analyst queue
  • Use response templates in a notable investigation
  • Add notes, files, artifacts, and critical evidence to a notable

Topic 3 - Response Templates

  • Select and apply a response template for a particular use case
  • Modify the template to fit the notable investigation use case
  • Edit and delete the phases and tasks of the template
  • Create a new response template

Topic 4 - Dashboards

  • Review how to manage and create dashboards
  • Configure ad-hoc and on-premises searches
  • Add source connections for 3rd-party data sources
  • Build visualizations and utilize user inputs
  • Save and export dashboards