Zur Navigation springen (Enter drücken)
Zur Suche springen (Enter drücken)
Zum Kursangebot springen (Enter drücken)
Zum Seiteninhalt springen (Enter drücken)

+49 40 253346-10 Kontakt

ASES

Online Training

Dauer
2 Tage

Preis

1.500,– € (exkl. MwSt.)
1.785,– € (inkl. 19% MwSt.)
Splunk Training Units: 150 SPC
exkl. MwSt.

Termine und Buchen

Termin anfragen

Classroom Training

Dauer
2 Tage

Preis

Deutschland:
1.500,– € (exkl. MwSt.)
1.785,– € (inkl. 19% MwSt.)
Schweiz:
CHF 1.650,– (exkl. MwSt.)
CHF 1.783,65 (inkl. 8.1% MwSt.)
Splunk Training Units: 150 SPC
exkl. MwSt.

inkl. Verpflegung

Termine und Buchen

Termin anfragen

Onsite Training

Kurs anfragen

Splunk

Administering Splunk Enterprise Security (ASES) – Details

Detaillierter Kursinhalt

Module 1 – Introduction to ES

Review how ES functions
Understand how ES uses data models
Describe correlation searches, adaptive response actions, and notable events
Configure ES roles and permissions

Module 2 – Security Monitoring

Customize the Security Posture and Incident Review dashboards
Create ad hoc notable events
Create notable event suppressions

Module 3 – Risk-Based Alerting

Give an overview of Risk-Based Alerting (RBA)
Explain risk scores and how they can be changed
Review the Risk Analysis dashboard
Describe annotations
View Risk Notables and risk information

Module 4 – Incident Investigation

Review the Investigations dashboard
Customize the Investigation Workbench
Manage investigations

Module 5 – Installation

Give an overview of general ES install requirements
Explain the different add-ons and where they are installed
Provide ES pre-installation requirements
Identify steps for downloading and installing ES

Module 6 – General Configuration

Set general configuration options
Configure local and cloud domain information
Work with the Incident Review KV Store
Customize navigation
Configure Key Indicator searches

Module 7 – Validating ES Data

Verify data is correctly configured for use in ES
Validate normalization configurations
Install additional add-ons

Module 8 – Custom Add-ons

Ingest custom data in ES
Create an add-on for a custom sourcetype
Describe add-on troubleshooting

Module 9 – Tuning Correlation Searches

Describe correlation search operation
Customize correlation searches
Describe numeric vs. conceptual thresholds

Module 10 – Creating Correlation Searches

Create a custom correlation search
Manage adaptive responses
Export/import content

Module 11 – Asset & Identity Management

Review the Asset and Identity Management interface
Describe Asset and Identity KV Store collections
Configure and add asset and identity lookups to the interface
Configure settings and fields for asset and identity lookups
Explain the asset and identity merge process
Describe the process for retrieving LDAP data for an asset or identity lookup

Module 12 – Managing Threat Intelligence

Understand and configure threat intelligence
Use the Threat Intelligence Management interface
Configure new threat lists

Module 13 – Supplemental Apps

Review apps to enhance the capabilities of ES including, Mission Control, SOAR, UBA, Cloud-based Streaming Analytics, PCI Compliance, Fraud Analytics, and Lookup File Editor

Kontakt