
Using ES 4.5

This 13.5 hour course prepares security practitioners to use Splunk Enterprise Security (ES). Students will use ES to identify and track security incidents, analyze security risks, use predictive analytics, and threat discovery.

Course Topics
ES concepts
Security monitoring and Incident investigation
Assets and identities
Detecting known types of threats
Monitoring for new types of threats
Using analytical tools
Analyze user behavior for insider threats
Use risk analysis and threat intelligence tools
Use protocol intelligence and live stream data
Use investigation timelines and journal tools
Build glass tables to display security status

Course Prerequisites
Using Splunk, Creating Knowledge Objects, Searching and Reporting with Splunk (recommended).

Class Format
Instructor-led lecture with labs. Delivered via virtual classroom or at your site.

Course Objectives

Module 1 - Getting Started with ES
Provide an overview of the Splunk App for Enterprise Security (ES)
Identify the differences between traditional security threats and new adaptive threats
Describe correlation searches, data models and notable events
Describe user roles in ES
Log on to ES

Module 2 - Security Monitoring and Incident Investigation
Use the Security Posture dashboard to monitor enterprise security status
Use the Incident Review dashboard to investigate notable events
Take ownership of an incident and move it through the investigation workflow
Use adaptive response actions during incident investigation
Create notable events
Suppress notable events

Module 3 - Investigation Timelines
Use ES investigation timelines to manage, visualize and coordinate incident investigations
Use timelines and journals to document breach analysis and mitigation efforts

Module 4 - Forensic Investigation with ES
Investigate access domain events
Investigate endpoint domain events
Investigate network domain events
Investigate identity domain events

Module 5 - Risk and Network Analysis
Understand and use Risk Analysis
Use the Risk Analysis dashboard
Assign risk scores

Module 6 - Web Intelligence
Use HTTP Category Analysis, HTTP User Agent Analysis, New Domain Analysis, and Traffic Size Analysis to spot new threats
Filter and highlight events

Module 7 - User Intelligence
Evaluate the level of insider threat with the user activity and access anomaly dashboards
Understand asset and identity concepts
Use the Asset Investigator to analyze events related to an asset
Use the Identity Investigator to analyze events related to an identity
Examine asset and identity lookup tables

Module 8 - Threat Intelligence
Use the Threat Activity dashboard to analyze traffic to or from known malicious sites
Inspect the status of your threat intelligence content with the threat artifact dashboard

Module 9 - Protocol Intelligence
Use ES predictive analytics to make forecasts and view trends

Module 10 - Glass Tables
Build glass tables to display security status information
Create new key indicators for metrics on glass tables

About Splunk Education
Splunk classes are designed for specific roles such as Splunk Administrator, Developer, User, Knowledge Manager, or Architect.

Certification Tracks
Our certification tracks provide comprehensive education for Splunk customer and partner personnel according to their areas of responsibility.

To view all of Splunk Education's course offerings, or to register for a course, go to http://www.splunk.com/goto/education
To contact us, email education@splunk.com

About Splunk
Splunk is software that indexes, manages and enables you to search data from any application, server or network device in real time.
Visit our website at www.splunk.com to download your own free copy.

Splunk Inc.
250 Brannan
San Francisco, CA 94107
866.GET.SPLUNK (866.438.7758)
sales@splunk.com
support@splunk.com

Splunk Education Services
