ASESGE - Administration Splunk Enterprise Security - Online Training - Webinar by Fast Lane Institute for Knowledge Transfer

Contents

Module 1 – Introduction to ES
  • Review how ES functions
  • Understand how ES uses data models
  • Configure ES roles and permissions
Module 2 – Security Monitoring
  • Customize the Security Posture and Incident Review dashboards
  • Create ad hoc notable events
  • Create notable event suppressions
Module 3 – Risk-Based Alerting
  • Explain Risk-Based Alerting
  • Explain risk scores
  • Review the Risk Analysis dashboard
  • Use annotations
  • Explain ways to assign risk
Module 4 – Incident Investigation
  • Review the Investigations dashboard
  • Customize the Investigation Workbench
  • Manage investigations
Module 5 – Installation
  • Prepare a Splunk environment for installation
  • Download and install ES on a search head
  • Test a new install
  • Post-install configuration tasks
Module 6 – Initial Configuration
  • Set general configuration options
  • Add external integrations
  • Configure local domain information
  • Customize navigation
  • Configure Key Indicator searches
Module 7 – Validating ES Data
  • Verify data is correctly configured for use in ES
  • Validate normalization configurations
  • Install additional add-ons
Module 8 – Custom Add-ons
  • Design a new add-on for custom data
  • Use the Add-on Builder to build a new add-on
Module 9 – Tuning Correlation Searches
  • Configure correlation search scheduling and sensitivity
  • Tune ES correlation searches
Module 10 – Creating Correlation Searches
  • Create a custom correlation search
  • Manage adaptive responses
  • Export/import content
Module 11 – Asset & Identity Management
  • Review the Asset and Identity Management interface
  • Describe Asset and Identity KV Store collections
  • Configure and add asset and identity lookups to the interface
  • Configure settings and fields for asset and identity lookups
  • Explain the asset and identity merge process
  • Describe the process for retrieving LDAP data for an asset or identity lookup
Module 12 – Managing Threat Intelligence
  • Understand and configure threat intelligence
  • Use the Threat Intelligence Management interface to configure a new threat list

Learning objectives

  • Examine how ES functions including data models, correlation searches, notable events, and dashboards
  • Create custom correlation searches
  • Customize the Investigation Workbench
  • Learn how to install or upgrade ES
  • Learn the steps to setting up inputs using technology add-ons
  • Fine tune ES Global Settings
  • Customize risk and configure threat intelligence

Dates and locations

Date                      Time            Duration
Webinar
19.08.2024 - 20.08.2024   10:00 - 17:00   14 h
28.10.2024 - 29.10.2024   10:00 - 17:00   14 h

SG seminar no.: 6680460

Event information

  • Webinar
  • German
    • Certificate of attendance
  • 14 h
