CODE: SPL_ASES7
LENGTH: 24 Hours (3 days)
PRICE: kr16 000,00
This 13.5-hour course prepares architects and systems administrators to install and configure Splunk Enterprise Security (ES). It covers ES event processing and normalization, deployment requirements, technology add-ons, dashboard dependencies, data models, managing risk, and customizing threat intelligence.
- Examine how ES functions, including data models, correlation searches, notable events and dashboards
- Create custom correlation searches
- Customize the Investigation Workbench
- Learn how to install or upgrade ES
- Learn the steps for setting up inputs using technology add-ons
- Fine-tune ES Global Settings
- Customize risk and configure threat intelligence
To be successful, students should have a solid understanding of the following:
OR the following single-subject courses:
Students should also have completed the following courses:
Module 1 – Introduction to ES
Module 2 – Security Monitoring
Module 3 – Risk-Based Alerting
Module 4 – Incident Investigation
Module 5 – Installation
Module 6 – Initial Configuration
Module 7 – Validating ES Data
Module 8 – Custom Add-ons
Module 9 – Tuning Correlation Searches
Module 10 – Creating Correlation Searches
Module 11 – Asset & Identity Management
Module 12 – Manage Threat Intelligence