Splunk SIEM Administration

Splunk SIEM (Security Information and Event Management) training is an industry-designed course for gaining expertise in Splunk Enterprise Security (ES). This is the best online course to learn how to identify and track security incidents, analyze security risk, deploy threat intelligence tools, apply predictive analytics and detect various types of threats through hands-on projects and case studies.

4-Day Course

Lesson 1

Introduction to SPLUNK

  • Run basic searches
  • Identify the contents of search results
  • Control a search job
  • Set the time range of a search

Lesson 2

SPLUNK Installation

  • Requirements before installation
  • Splunk installation on Windows & Linux


Lesson 3

Introduction to SPLUNK

  • Describe Authentication
  • Set Authentication
  • Maintain users & groups under Splunk

Lesson 4

SPLUNK Log Architecture

  • Importance of logs
  • Centralized Log Architecture
  • Maintain and monitor Logs

Lesson 5

SPLUNK Using Search

  • Export search results
  • Save and share search results
  • Save searches
  • Schedule searches

Lesson 6

SPLUNK Fields

  • Understand fields
  • Use fields in searches
  • Use the fields sidebar

Lesson 7

SPLUNK Tags and Event Types

  • Introduce tags
  • Set tags and use tags in a search
  • Configure event types and their uses
  • Set and use event types in a search

Lesson 8

SPLUNK Alerts

  • Describe alerts
  • Set alerts
  • Monitor alerts

Lesson 9

SPLUNK Indexing

  • Describe Indexing
  • Set Index

Lesson 10

SPLUNK Dashboard

  • Describe Dashboard
  • Configure Dashboard