Skip to navigation (Press Enter)
Skip to search (Press Enter)
Skip to course offerings (Press Enter)
Skip to content (Press Enter)

+48 22 639 25 42 Kontakt

USES

Szkolenie online

Modality: L

Trwa 2 dni

Cena (excl. tax)

Polska: US $ 1.500,–
Splunk Training Units: 150 SPC

Rejestracja

Enquire a date

Classroom training

Modality: C

Trwa 2 dni

Cena (excl. tax)

Polska: US $ 1.500,–
Splunk Training Units: 150 SPC

Rejestracja

Enquire a date

Splunk

Using Splunk Enterprise Security (USES) – Zarys informacji

Szczegółowy program szkolenia

Module 1 - ES Fundamentals

Explain the function of a SIEM
Give an overview of Splunk Enterprise Security (ES)
Understand how ES uses data models
Describe detections and findings
Identify ES roles and permissions
Give an overview of ES navigation

Module 2 - Exploring the Analyst Queue

Explore the Analyst Queue
Filtering
Triage Findings and Finding Groups
Create ad hoc Findings
Suppress Findings from the Analyst Queue

Module 3 – Working with Investigations

Give an overview of an investigation
Demonstrate how to create an investigation
Use Response Plans
Add Splunk events to an investigation
Use Playbooks and Actions

Module 4 – Risk-based Alerting

Give an overview of risk and Risk-Based Alerting (RBA)
Explain risk scores and how to change an entity's risk score
Review the Risk Analysis dashboard
Describe annotations
View risk information in Analyst Queue findings

Module 5 – Assets & Identities

Give an overview of the ES Assets and Identities (A&I) framework
Show where asset or identity data is missing from ES findings or dashboards
View the A&I Management Interface
View the contents of an asset or identity lookup table
Identify A&I field matching criteria

Module 6 – Adaptive Responses

Describe Adaptive Responses
Identify the default ES Adaptive Responses
Discuss Adaptive Response invocation methods
Troubleshoot Adaptive Response issues

Module 7 – Security Domain Dashboards

Use ES to inspect events containing information relevant to active or past incident investigation
Identify ES Security Domains
Use the Security Domain dashboards
Launch Security Domain dashboards from the Analyst Queue and from field action menus in search results

Module 8 – Intelligence Dashboards

Use the Web Intelligence dashboards to analyze your network environment
Filter and highlight events
Understand and use User Intelligence dashboards
Use Investigators to analyze events related to an asset or identity
Use Access Anomalies to detect suspicious access patterns

Module 9 – Threat Intelligence

Give an overview of the Threat Intelligence framework
Identify where Threat Intelligence is configured
Observe Threat Findings
View downloaded Threat Indicators
Troubleshooting Threat Intelligence

Module 10 – Protocol Intelligence

Explain how network data is input into Splunk events
Describe stream events
Give an overview of the Protocol Intelligence dashboards and how they can be used to analyze network data