Who should attend
This 13.5-hour module prepares architects and systems administrators to install and configure Splunk Enterprise Security (ES).
This course is part of the following Certifications:
To be successful, students should have a solid understanding of the following module:
- Splunk Fundamentals 1 and 2 (Retired)
Or the following single-subject modules:
Students should also have completed the following courses:
- Examine how ES functions including data models, correlation searches, notable events, and dashboards
- Review risk-based alerting
- Customize the Investigation Workbench
- Learn how to install or upgrade ES
- Fine-tune ES Global Settings
- Learn the steps for setting up inputs using technology add-ons
- Create custom correlation searches
- Customize assets and identities
- Configure threat intelligence
It covers ES event processing and normalization, deployment requirements, technology add-ons, dashboard dependencies, data models, managing risk, and customizing threat intelligence.
Please note that this class may run over three days, with 4.5-hour sessions each day, to achieve the full nine hours of course content.