Administering Splunk Enterprise Security 5.3 (ASES_)


Course description

This course prepares architects and systems administrators to install and configure Splunk Enterprise Security (ES). It covers ES event processing and normalization, deployment requirements, technology add-ons, dashboard dependencies, data models, managing risk, and customizing threat intelligence.

Prerequisites

To be successful, students should have a solid understanding of the following courses:

  • Using Splunk Enterprise Security
  • What is Splunk?
  • Intro to Splunk
  • Using Fields
  • Introduction to Knowledge Objects
  • Creating Knowledge Objects
  • Creating Field Extractions
  • Enriching Data with Lookups
  • Data Models
  • Splunk Enterprise System Administration
  • Splunk Enterprise Data Administration

Course content

  • Provide an overview of Splunk Enterprise Security (ES)
  • Customize ES dashboards
  • Examine the ES Risk framework and Risk-based Alerting (RBA)
  • Customize the Investigation Workbench
  • Understand initial ES installation and configuration
  • Manage data intake and normalization for ES
  • Create and tune correlation searches
  • Configure ES lookups
  • Configure Assets & Identities and Threat Intelligence

Prices & Delivery methods

Classroom training

2 days

  • on request

Online training

2 days

  • on request

Dates and registration

Currently there are no training dates scheduled for this course.