Splunk SIEM Administration

Splunk SIEM (Security Information and Event Management) training is an industry-designed course for gaining expertise in Splunk Enterprise Security (ES). This is the best online course to learn how to identify and track security incidents, analyse security risk, deploy threat intelligence tools, apply predictive analytics and detect various types of threats through hands-on projects and case studies.

4-day course (1 day = 8 hours)

Introduction to SPLUNK

  • Run basic searches
  • Identify the contents of search results
  • Control a search job
  • Set the time range of a search

SPLUNK Installation

  • Requirements before installation
  • Splunk installation on Windows and Linux

SPLUNK Authentication

  • Describe authentication
  • Set authentication
  • Maintain users and groups in Splunk

SPLUNK Log Architecture

  • Importance of logs
  • Centralized Log Architecture
  • Maintain and monitor Logs

SPLUNK Using Search

  • Export search results
  • Save and share search results
  • Save searches
  • Schedule searches

SPLUNK Fields

  • Understand fields
  • Use fields in searches
  • Use the fields sidebar

SPLUNK Tags and Event Types

  • Introduce tags
  • Set tags and use tags in a search
  • Configure event types and their uses
  • Set and use event types in a search

SPLUNK Alerts

  • Describe alerts
  • Set alerts
  • Monitor alerts

SPLUNK Indexing

  • Describe indexing
  • Set up indexes

SPLUNK Dashboard

  • Describe dashboards
  • Configure dashboards