EtusivuHae koulutuksia & tapahtumiaUsing Splunk Enterprise Security

Using Splunk Enterprise Security

This 13.5-hour course prepares security practitioners to use Splunk Enterprise Security (ES). Students identify and track incidents, analyze security risks, use predictive analytics, and discover threats.


Osallistumismuoto

Remote


Kesto

2 päivää


Hinta

1500 €

  • ES concepts,features, and capabilities

  • Assets and identities

  • Security monitoring and Incident investigation

  • Use risk-based alerting and risk analysis

  • Use investigation workbench, timelines, list and summary tools

  • Detecting known types of threats

  • Monitoring for new types of threats

  • Using analytical tools

  • Analyze user behavior for insider threats

  • Use threat intelligence tools

  • Use protocol intelligence and live stream data

  • Splunk Fundamentals 1

  • Splunk Fundamentals 2

Or the following single-subject courses:

  • What is Splunk?

  • Intro to Splunk

  • Using Fields

  • Scheduling Reports and Alerts

  • Visualizations

  • Leveraging Lookups and Sub-searches

  • Search Under the Hood

  • Introduction to Knowledge Objects

  • Enriching Data with Lookups

  • Data Models

  • Introduction to Dashboards

Module 1 - Getting Started with ES

  • Describe the features and capabilities of Splunk Enterprise Security (ES)

  • Explain how ES helps security practitioners prevent, detect, and respond to threats

  • Describe correlation searches, data models and notable events

  • Describe user roles in ES

  • Log into Splunk Web and access Splunk for Enterprise Security

Module 2 - Security Monitoring and Incident Investigation

  • Use the Security Posture dashboard to monitor ES status

  • Use the Incident Review dashboard to investigate notable events

  • Take ownership of an incident and move it through the investigation workflow

  • Create notable events

  • Suppress notable events

    • Module 3 - Risk-Based Alerting

    • Give an overview of Risk-Based Alerting

    • View Risk Notables and risk information on the Incident Review dashboard

    • Explain risk scores and how to change an object's risk score

    • Review the Risk Analysis dashboard

    • Describe annotations

    • Describe the process for retrieving LDAP data for an asset or identity lookup

      • Module 4 - Investigations

      • Use investigations to manage incident response activity

      • Use the investigation workbench to manage, visualize and coordinate incident investigations

      • Add various items to investigations (notes, action history, collaborators, events, assets, identities, files and URLs)

      • Use investigation timelines, lists and summaries to document and review breach analysis and mitigation efforts

        • Module 5 - Using Security Domain Dashboards

        • Use ES to inspect events containing information relevant to active or past incident investigations

        • Identify security domains in ES

        • Use ES security domain dashboards

        • Launch security domain dashboards from Incident Review and from action menus in search results

          • Module 6 - Web Intelligence

          • Use the web intelligence dashboards to analyze your network

          • Filter and highlight events

            • Module 7 - User Intelligence

            • Evaluate the level of insider threat with the user activity and access anomaly dashboards

            • Understand asset and identity concepts

            • Use the session center for identity resolution

            • Discuss Splunk User Behavior Analytics (UBA) integration

              • Module 8 - Threat Intelligence

              • Give an overview of the Threat Intelligence framework and how threat intel is configured in ES

              • Use the Threat Activity dashboard to see which threat sources are interacting with your environment

              • Use the Threat Activity dashboard to examine the status of threat intelligence information in your environment.

                • Module 9 - Protocol Intelligence

                • Explain how network data is input into Splunk events

                • Describe stream events

                • Give an overview of the Protocol Intelligence dashboards and how they can be used to analyze network data

                  • Hinta 1500 € +alv

                  Toteutukset


                  + Näytä lisää toteutuksia


                  Pidätämme oikeudet mahdollisiin muutoksiin ohjelmassa, kouluttajissa ja toteutusmuodossa. 
                  Katso usein kysytyt kysymykset täältä.

                  Yhteistyössä: Arrow