Administering Splunk Enterprise Security (ASES)
Ziele der Schulung
This course is for ES Administrators and Engineers.
This 13.5-hour instructor-led course enables SOC Engineers to use Splunk’s Enterprise Security SIEM for detection engineering, incident response, automation, asset and identity configuration, and threat intelligence management. Other topics include ES event processing and normalization, managing risk, data models, deployment requirements, technology add-ons, and dashboard dependencies..
This course may be delivered over two or three days, with 13.5 total hours of content.
Zielgruppe Seminar
- Splunk Administrator
- Security Specialist
Voraussetzungen
To be successful, students must have completed the following Splunk Education course:
Students should also be familiar with the topics covered in the following courses:
- Intro to Splunk
- Using Fields (SUF)
- Visualizations
- Search Under the Hood
- Intro to Knowledge Objects
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
- Enriching Data with Lookups (EDL)
- Data Models (SDM)
- Introduction to Dashboards (ITD)
- Splunk Enterprise System Administration (SESA) AND Splunk Enterprise Data Administration (SEDA) OR Splunk Cloud Administration (SCA)
Lernmethodik
Die Schulung bietet Ihnen eine ausgewogene Mischung aus Theorie und Praxis in einer erstklassigen Lernumgebung. Profitieren Sie vom direkten Austausch mit unseren projekterfahrenen Trainern und anderen Teilnehmern, um Ihren Lernerfolg zu maximieren.
Seminarinhalt
Module 1 - Introduction to Enterprise Security
- Explain the function of a SIEM
- Give an overview of Splunk’s Enterprise Security (ES)
- Describe detections and findings
- Configure ES roles and permissions
- Give an overview of ES navigation
Module 2 - Customizing the Analyst Queue and findings
- Give an overview of the Analyst Queue
- Create and use Analyst Queue Views
- Customize the Analyst Queue
- Modify Urgency
- Create new Status values
- Add fields to Finding attributes
- Create ad hoc Findings
- Suppress Findings
Module 3 - Working with Investigations
- Give an overview of an investigation
- Use and create Response Plans
- Add Splunk events to an investigation
- Use Playbooks and Actions
Module 4 - Asset & Identity Management
- Review the Asset and Identity Management interface
- Describe Asset and Identity KV Store collections
- Configure and add asset and identity lookups to the interface
- Configure settings and fields for asset and identity lookups
- Explain the asset and identity merge process
- Describe the process for retrieving LDAP data for an asset or identity lookup
Module 5 - Data Normalization
- Understand how ES uses accelerated data models
- Verify data is correctly configured for use in ES
- Validate normalization configurations
- Install additional add-ons
- Ingest custom data in ES
- Create an add-on for a custom sourcetype
- Describe add-on troubleshooting
Module 6 - Detection Engineering
- Give an overview of how to create Event-based detections
- Review the Detection Editor
- Give an overview of how to create Finding-based detections
Module 7 - Risk-Based Alerting
- Give an overview of Risk-Based Alerting (RBA)
- Explain risk scores and how they can be changed by detections or manually
- Review the Risk analysis dashboard
- Understand Finding-based detections
- Describe annotations
- View risk information in Analyst Queue findings
Module 8 - Managing Threat Intelligence
- Understand and configure threat intelligence
- Use the Threat Intelligence interface to configure threat lists
- Configure new threat lists
Module 9 - Post-Deployment Configuration
- Give an overview of general ES install requirements
- Explain the different add-ons and where they are installed
- Provide ES pre-installation requirements
- Describe the Splunk_TA_ForIndexers app and where it is installed
- Set general configuration options
- Configure local and cloud domain information
- Work with the Incident Review KV Store
- Customize navigation
- Configure Key Indicator searches
Hinweise
Partner
Dieses Seminar bieten wir in Kooperation mit unserem Splunk Learning Partner Fast Lane Institute for Knowledge Transfer GmbH an.
Open Badge für dieses Seminar - Ihr digitaler Kompetenznachweis
Durch die erfolgreiche Teilnahme an einem Kurs bei IT-Schulungen.com erhalten Sie zusätzlich zu Ihrem Teilnehmerzertifikat ein digitales Open Badge (Zertifikat) – Ihren modernen Nachweis für erworbene Kompetenzen.
Ihr Open Badge ist jederzeit in Ihrem persönlichen und kostenfreien Mein IT-Schulungen.com-Konto verfügbar. Mit wenigen Klicks können Sie diesen digitalen Nachweis in sozialen Netzwerken teilen, um Ihre Expertise sichtbar zu machen und Ihr berufliches Profil gezielt zu stärken.
Übersicht: Splunk Schulungen Portfolio
Gesicherte Kurstermine
| Termin | Standort | Aktion |
|---|---|---|
| 04.03. - 05.03.2026 | Virtual Classroom (online) | |
| 01.04. - 02.04.2026 | Hamburg | |
| 27.05. - 28.05.2026 | München | |
| 29.07. - 30.07.2026 | Frankfurt am Main | |
| 28.10. - 29.10.2026 | Berlin | |
| 09.12. - 10.12.2026 | München |
Seminare kurz vor der Durchführung
| Termin | Standort | Aktion |
|---|---|---|
| 18.02. - 19.02.2026 | Hamburg | |
| 04.03. - 05.03.2026 | Köln | |
| 01.04. - 02.04.2026 | München | |
| 27.05. - 28.05.2026 | Köln |
