Administering Splunk Enterprise Security (ASES)

Price
$1,500.00 USD

Duration
2 Days

 

Delivery Methods
Virtual Instructor Led
Private Group

Request More Information
Download Course Details
Course Details Only
Course Details & Schedule
Skip to Class Dates

Course Objectives

  • Examine how ES functions including data models, correlation searches, notable events, and dashboards
  • Review risk-based alerting
  • Customize the Investigation Workbench
  • Learn how to install or upgrade ES
  • Fine tune ES Global Settings
  • Learn the steps to setting up inputs using technology add-ons
  • Create custom correlation searches
  • Customize assets and identities
  • Configure threat intelligence

Who Should Attend?

This course prepares architects and systems administrators to install and configure Splunk Enterprise Security (ES).
  • Top-rated instructors: Our crew of subject matter experts have an average instructor rating of 4.8 out of 5 across thousands of reviews.
  • Authorized content: We maintain more than 35 Authorized Training Partnerships with the top players in tech, ensuring your course materials contain the most relevant and up-to date information.
  • Interactive classroom participation: Our virtual training includes live lectures, demonstrations and virtual labs that allow you to participate in discussions with your instructor and fellow classmates to get real-time feedback.
  • Post Class Resources: Review your class content, catch up on any material you may have missed or perfect your new skills with access to resources after your course is complete.
  • Private Group Training: Let our world-class instructors deliver exclusive training courses just for your employees. Our private group training is designed to promote your team’s shared growth and skill development.
  • Tailored Training Solutions: Our subject matter experts can customize the class to specifically address the unique goals of your team.

Course Prerequisites

Agenda

1 - Introduction to ES

  • Review how ES functions
  • Understand how ES uses data models
  • Configure ES roles and permissions

2 - Security Monitoring

  • Customize the Security Posture and Incident Review dashboards
  • Create ad hoc notable events
  • Create notable event suppressions

3 - Risk-Based Alerting

  • Give an overview of risk-based alerting
  • View Risk Notables and risk information on the Incident Review dashboard
  • Explain risk scores and how an ES admin can change an object's risk score
  • Review the Risk Analysis dashboard
  • Describe annotations

4 - Incident Investigation

  • Review the Investigations dashboard
  • Customize the Investigation Workbench
  • Manage investigations

5 - Installation

  • Prepare a Splunk environment for installation
  • Download and install ES on a search head
  • Test a new install
  • Post-install configuration tasks

6 - Initial Configuration

  • Set general configuration options
  • Add external integrations
  • Configure local domain information
  • Customize navigation
  • Configure Key Indicator searches

7 - Validating ES Data

  • Verify data is correctly configured for use in ES
  • Validate normalization configurations
  • Install additional add-ons

8 - Custom Add-ons

  • Design a new add-on for custom data
  • Use the Add-on Builder to build a new add-on

9 - Tuning Correlation Searches

  • Configure correlation search scheduling and sensitivity
  • Tune ES correlation searches

10 - Creating Correlation Searches

  • Create a custom correlation search
  • Manage adaptive responses
  • Export/import content

11 - Asset & Identity Management

  • Review the Asset and Identity Management interface
  • Describe Asset and Identity KV Store collections
  • Configure and add asset and identity lookups to the interface
  • Configure settings and fields for asset and identity lookups
  • Explain the asset and identity merge process
  • Describe the process for retrieving LDAP data for an asset or identity lookup

12 - Threat Intelligence Framework

  • Understand and configure threat intelligence
  • Use the Threat Intelligence Management interface to configure a new threat list
 

Get in touch to schedule training for your team
We can enroll multiple students in an upcoming class or schedule a dedicated private training event designed to meet your organization’s needs.

 



Do You Have Additional Questions? Please Contact Us Below.

contact us contact us 
Contact Us about Starting Your Business Training Strategy with New Horizons