Administering Splunk Enterprise Security (ASES)
Assessment methods:
- Formative assessments during the training, through the practical exercises carried out in the labs at the end of each module
- Assessment in the form of a questionnaire at the end of the training
Who should attend
This 13.5-hour module prepares architects and systems administrators to install and configure Splunk Enterprise Security (ES).
Certifications
This course is part of the following Certifications:
Prerequisites
To be successful, students should have a solid understanding of the following module:
- Splunk Fundamentals 1 and 2 (Retired)
Or the following single-subject modules:
- What is Splunk? (WIS)
- Intro to Splunk (ITS)
- Scheduling Reports & Alerts (SRA)
- Visualizations (SVZ)
- Leveraging Lookups and Subsearches (LLS)
- Search Under the Hood (SUH)
- Intro to Knowledge Objects (IKO)
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
- Enriching Data with Lookups (EDL)
- Data Models (SDM)
- Introduction to Dashboards (ITD)
- Dynamic Dashboards (SDD)
Students should also have completed the following courses:
Course Objectives
- Examine how ES functions including data models, correlation searches, notable events, and dashboards
- Review risk-based alerting
- Customize the Investigation Workbench
- Learn how to install or upgrade ES
- Fine tune ES Global Settings
- Learn the steps for setting up inputs using technology add-ons
- Create custom correlation searches
- Customize assets and identities
- Configure threat intelligence
Course Content
This course covers ES event processing and normalization, deployment requirements, technology add-ons, dashboard dependencies, data models, managing risk, and customizing threat intelligence.
Teaching methods: