Using Splunk Enterprise Security

Základní info

Popis kurzu

This 13.5 hour course prepares security practitioners to use Splunk Enterprise Security (ES). Students will use ES to identify and track security incidents, analyze security risks, use predictive analytics, and threat discovery.


This 13.5 hour course prepares security practitioners to use Splunk Enterprise Security (ES). Students will use ES to identify and track security incidents, analyze security risks, use predictive analytics, and threat discovery.

Obsah kurzu

Course Objectives



Module 1 - Getting Started with ES



  • Provide an overview of Splunk for Enterprise Security (ES)

  • Identify the differences between traditional security threats and new adaptive threats

  • Describe correlation searches, data models and notable events

  • Describe user roles in ES

  • Log on to ES


Module 2 - Security Monitoring and Incident Investigation



  • Use the Security Posture dashboard to monitor enterprise security status

  • Use the Incident Review dashboard to investigate notable events

  • Take ownership of an incident and move it through the investigation workflow

  • Use adaptive response actions during incident investigation

  • Create notable events

  • Suppress notable events


Module 3 – Investigations



  • Use ES investigation timelines to manage, visualize and coordinate incident investigations

  • Use timelines and journals to document breach analysis and mitigation efforts


Module 4 – Forensic Investigation with ES



  • Investigate access domain events 

  • Investigate endpoint domain events

  • Investigate network domain events

  • Investigate identity domain events


Module 5 – Risk and Network Analysis



  • Understand and use Risk Analysis

  • Use the Risk Analysis dashboard

  • Manage risk scores for objects or users


Module 6 – Web Intelligence



  • Use HTTP Category Analysis, HTTP User Agent Analysis, New Domain Analysis, and Traffic Size Analysis to spot new threats

  • Filter and highlight events


Module 7 – User Intelligence



  • Evaluate the level of insider threat with the user activity and access anomaly dashboards

  • Understand asset and identity concepts

  • Use the Asset Investigator to analyze events 

  • Use the Identity Investigator to analyze events 

  • Use the session center for identity resolution (UBA integration)


Module 8 – Threat Intelligence



  • Use the Threat Activity dashboard to analyze traffic to or from known malicious sites

  • Inspect the status of your threat intelligence content with the threat artifact dashboard


Module 9 - Protocol Intelligence



  • Describe Stream events data is input into Splunk events

  • Use ES predictive analytics to make forecasts and view trends


Module 10 – Glass Tables



  • Build glass tables to display security status information

  • Add glass table drilldown options

  • Create new key indicators for metrics on glass tables

Předpoklady

  • Splunk Fundamentals 1

  • Splunk Fundamentals 2

Studijní materiály

V angličtině

Using Splunk Enterprise Security

Vybraný termín:

3.11.2021  Online

Cena
36900 Kč + 21 % DPH

Kontaktovat dodavatele


Kontrola proti spamu. Kolik je jedna a dvě ? Součet zapište číslicemi.