Administering Splunk Enterprise Security

Basic information

Course description

This 13.5 hour course prepares architects and systems administrators to install, configure and manage Splunk Enterprise Security. It covers ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customizations.

Course content

Course Objectives

Module 1 – ES Introduction

  • Overview of ES features and concepts

Module 2 – Monitoring and Investigation

  • Security Posture
  • Incident Review
  • Notable events management

Module 3 – Security Intelligence

  • Overview of security intel tools

Module 4 – Forensics, Glass Tables and Navigation Control

  • Explore forensics dashboards
  • Examine glass tables
  • Configure navigation and dashboard permissions

Module 5 – ES Deployment

  • Identify deployment topologies
  • Examine the deployment checklist
  • Understand indexing strategy for ES
  • Understand ES Data Models

Module 6 – Installation and Configuration

  • Prepare a Splunk environment for installation
  • Download and install ES on a search head
  • Test a new install
  • Understand ES Splunk user accounts and roles
  • Post-install configuration tasks

Module 7 – Validating ES Data

  • Plan ES inputs
  • Configure technology add-ons

Module 8 – Custom Add-ons

  • Design a new add-on for custom data
  • Use the Add-on Builder to build a new add-on

Module 9 – Tuning Correlation Searches

  • Configure correlation search scheduling and sensitivity
  • Tune ES correlation searches

Module 10 – Creating Correlation Searches

  • Create a custom correlation search
  • Configure adaptive responses
  • Search export/import

Module 11 – Lookups and Identity Management

  • Identify ES-specific lookups
  • Understand and configure lookup lists

Module 12 – Threat Intelligence Framework

  • Understand and configure threat intelligence
  • Configure user activity analysis

Prerequisites

  • Splunk Fundamentals 1
  • Splunk Fundamentals 2
  • Splunk System Administration

Study materials

In English

Selected date:

13.1.2021  Online

Price
36900 Kč + 21 % VAT