Splunk SIEM Security
Splunk SIEM (Security Information and Event Management) training is an industry-designed course for gaining expertise in Splunk Enterprise Security (ES). This online training course teaches you how to identify and track security incidents, analyze security risk, deploy threat intelligence tools, apply predictive analytics and detect various types of threats through hands-on projects and case studies.
Duration: 30 hours
Course Content:
Introduction to Splunk Security
Understanding the fundamentals of Splunk Security, the details of traditional security threats, how correlation searches work, and what a security data model is.
Investigation and Monitoring
How to monitor the dashboard, with a brief description of each panel; investigating notable events with the Incident Review dashboard; the investigation workflow; and taking the appropriate action on the identified workflow.
Investigations
Using ES investigation timelines for managing, visualizing and coordinating incident investigations; using journals and timelines to document breach analysis and the effort needed to mitigate the issues.
Risk and Network Analysis
Performing risk analysis and identification, using the risk dashboard, and managing the risk scores of objects and users.
Web Intelligence
Using HTTP category analysis, HTTP user agent analysis, new domain analysis and traffic size analysis to spot new threats, and highlighting events that warrant investigation.
User Intelligence
Accessing the anomaly dashboards for user roles and access logs, and understanding the identity and asset concepts.
Threat Intelligence
Monitoring malicious sites with the Threat Activity dashboard, and inspecting threat intelligence content with the Threat Artifacts dashboard.