Using Splunk Enterprise Security

Základní info

Popis kurzu

This 13.5 hour course prepares security practitioners to use Splunk Enterprise Security (ES). Students will use ES to identify and track security incidents, analyze security risks, use predictive analytics, and threat discovery.


This 13.5 hour course prepares security practitioners to use Splunk Enterprise Security (ES). Students will use ES to identify and track security incidents, analyze security risks, use predictive analytics, and threat discovery.

Obsah kurzu

Module 1 - Getting Started with ES



  • Describe the features and capabilities of Splunk Enterprise Security (ES)

  • Explain how ES helps security practioners prevent, detect, and respond to threats

  • Describe correlation searches, data models and notable events

  • Describe user roles in ES

  • Log into Splunk Web and access Splunk for Enterprise Security


Module 2 - Security Monitoring and Incident Investigation



  • Use the Security Posture dashboard to monitor ES status

  • Use the Incident Review dashboard to investigate notable events

  • Take ownership of an incident and move it through the investigation workflow

  • Use adaptive response actions during incident investigation

  • Create notable events

  • Suppress notable events


Module 3 –  Risk-Based Alerting



  • Give an overview of Risk-Based Alerting

  • View Risk Notables and risk information on the Incident Review dashboard

  • Explain risk scores and how to change an object's risk score 

  • Review the Risk Analysis dashboard

  • Describe annotations

  • Describe the process for retrieving LDAP data for an asset or indentify lookup


Module 4 – Investigations



  • Use investigations to manage incident response activity

  • Use the investigation Workbench to manage, visualize and coordinate incident investigations

  • Add various items to investigations (notes, action history, collaborators, events, assets, identities, files and URLs)

  • Use investigation timelines, lists and summaries to document and review breach analysis and mitigation efforts


Module 5 – Using Security Domain Dashboard



  • Use ES to inspect events containing information relevant to active or past incident investigation

  • Identify security domains in ES

  • Use ES security domain dashboards

  • Launch security domain dashboards from incident Review and from action menus in search results


Module 6 – Web Intelligence



  • Use the web intelligence dashboards to analyze your network environment

  • Filter ad highlight events


Module 7 – User Intelligence



  • Evaluate the level of insider threat with the user activity and access anomaly dashboards

  • Understand asset and identity concepts

  • Use the Asset and identify Investigator to analyze events 

  • Use the session center for identity resolution

  • Discuss Splunk User Behavior Analytics (UBA) integration 


Module 8 – Threat Intelligence



  • Give an overview of the Threat Intelligence framework abd how threat intel is configured in ES

  • Use the Threat Activity dashboard to see which threat sources are interacting with your environment

  • Use the Threat Artifacts dashboard to examine the status of threat intelligence information in your environment


Module 9 - Protocol Intelligence



  • Explain how network data is input into Splunk events

  • Describe Stream events 

  • Give an overview of the Protocol intelligence dashboards and how they can be used to analyze network data

Předpoklady

  • Splunk Fundamentals 1

  • Splunk Fundamentals 2

Studijní materiály

V angličtině

Using Splunk Enterprise Security

Vybraný termín:

2.2.2022  Online

Cena

Kontaktovat dodavatele


Kontrola proti spamu. Kolik je čtyři a tři ? Součet zapište číslicemi.