Administering the Splunk App for Enterprise Security - Ingeniq Splunk Training Course

Administering the Splunk App for Enterprise Security

This 13.5-hour course prepares architects and systems administrators to install, configure and manage Splunk Enterprise Security. It covers ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customizations.

Units: 3
Duration: 13.5 hours over 3 days
Time: 9 am – 1:30 pm AEST (GMT+10)
Cost: AUD 2,160.00 ex GST

Course Topics
  • Identify normal ES use cases
  • Examine deployment requirements for typical ES installs
  • Learn how to install ES and gather information for lookups
  • Learn the steps to setting up inputs using technology add-ons
  • Create custom correlation searches
  • Configure ES risk analysis, threat and protocol intelligence
  • Fine-tune ES settings and other customizations
After completing this course you will be able to:
  • Examine deployment topologies, requirements and checklist.
  • Generate configurations and test new installations.
  • Validate data against the Common Information Model.
  • Configure ES inputs and Technology Add-ons.
  • Describe and customize correlation searches.
  • Configure asset/identity lookups and new threat feeds.
  • Create your own add-on for custom data sources.
  • Audit an ES installation for completeness.
Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site.


Course Prerequisites
  • Splunk Fundamentals 1
  • Splunk Fundamentals 2
  • Enterprise Data Administration
  • Enterprise Systems Administration
  • Architecting and Deploying Splunk
Course Objectives

Module 1 – ES Introduction

  • Overview of ES features and concepts

Module 2 – Monitoring and Investigation

  • Security Posture
  • Incident Review
  • Notable events management
  • Understand ES Splunk user accounts and roles

Module 3 – Security Intelligence

  • Overview of security intel tools

Module 4 – Forensics, Glass Tables and Navigation Control

  • Explore forensics dashboards
  • Examine glass tables
  • Configure navigation and dashboard permissions

Module 5 – ES Deployment

  • Identify deployment topologies
  • Examine the deployment checklist
  • Understand indexing strategy for ES
  • Understand ES Data Models

Module 6 – Installation and Configuration

  • Prepare a Splunk environment for installation
  • Download and install ES on a search head
  • Test a new install
  • Understand ES Splunk user accounts and roles
  • Post-install configuration tasks

Module 7 – Validating ES Data

  • Plan ES inputs
  • Configure technology add-ons

Module 8 – Custom Add-ons

  • Design a new add-on for custom data
  • Use the Add-on Builder to build a new add-on

Module 9 – Correlation Searches

  • Configure correlation search scheduling and sensitivity
  • Tune ES correlation searches
  • Create a custom correlation search

Module 10 – Lookups and Identity Management

  • Identify ES-specific lookups
  • Understand and configure lookup lists

Module 11 – Threat Intelligence Framework

  • Understand and configure threat intelligence
  • Configure user activity analysis
Audience

Anyone whose role includes deploying or configuring the Splunk App for Enterprise Security. Previous attendees have included IT Operations, Security Operations Centre (SOC) staff, Pre-Sales Consultants, Security Sales Engineers and Security Architects.

Administering the Splunk App for Enterprise Security Course Dates

Administering the Splunk App for Enterprise Security – 2nd-4th May: $2,160.00

Administering the Splunk App for Enterprise Security – 4th-6th July: $2,160.00