Course Overview

This course is part of the Defense Analyst learning path and is intended for learners who want to begin or advance a career as a Security Analyst within a SOC, as well as defense engineers and Splunk Enterprise Security or Splunk SOAR administrators who provide support to these roles.

In this course you will learn and practice how to conduct investigations using Splunk Enterprise Security features, including Risk Based Alerting, through best practices shared by our security champions, as well as practice some common tasks using Splunk SOAR. You will also learn about the PEAK Threat Hunting framework and will apply its basic concepts in a hypothesis-driven threat-hunting exercise.

Who should attend

SOC Analysts
Defense Engineers
Splunk Admins who support these roles

Prerequisites

To be successful students should have a basic understanding of common cyber technologies and concepts including:

OSI Model
Networking concepts and common security tools
Common Operative Systems like Windows and Linux

The following Splunk courses are also highly recommended:

Intro to Splunk
Using fields
Previous courses in the Defense Analyst learning path

Course Objectives

At the end of this course you should be able to:

Describe SIEM best practices and basic operation concepts of Splunk Enterprise Security, including the interaction between CIM, Data Models, and acceleration, and common CIM fields that may be used in investigations
Carry out a typical triage and investigation process using Splunk Enterprise Security
Describe the purpose of the Asset and Identity, and Threat Intelligence frameworks in ES
Define Splunk ES elements like Notable Event, Risk Notable, Adaptive Response Action, Risk Object, Contributing Events.
Identify common built-in dashboards in Enterprise Security and the basic information they contain.
Explain the use of SOAR playbooks and list the basic ways they can be triggered from Enterprise Security
Explain the essentials of Risk-based Alerting and the Risk framework
List the common high-level steps of threat hunting using the PEAK framework and practice some common steps of hypothesis hunting with Splunk.

Preise & Trainingsmethoden

Online Training

Dauer
9 Stunden

Preis

1.000,– € (exkl. MwSt.)
1.190,– € (inkl. 19% MwSt.)
Splunk Training Units: 100 SPC
exkl. MwSt.

Termine und Buchen

Termin anfragen

Classroom Training

Dauer
9 Stunden

Preis

Deutschland:
1.000,– € (exkl. MwSt.)
1.190,– € (inkl. 19% MwSt.)
Schweiz:
CHF 1.100,– (exkl. MwSt.)
CHF 1.189,10 (inkl. 8.1% MwSt.)
Splunk Training Units: 100 SPC
exkl. MwSt.

inkl. Verpflegung

Termine und Buchen

Termin anfragen

Kurstermine

Garantietermin: Kursdurchführung unabhängig von der Teilnehmerzahl garantiert. Ausgenommen sind unvorhersehbare Ereignisse (z.B. Unfall, Krankheit der Trainer), die eine Kursdurchführung unmöglich machen.

Instructor-led Online Training: Kursdurchführung online im virtuellen Klassenraum.

Englisch

6 Stunden Differenz zu Mitteleuropäische Zeit (MEZ)

20.01. – 21.01.2026 Online Training Zeitzone: Eastern Standard Time (EST) Kurssprache: Englisch

18.03. – 19.03.2026 Online Training Zeitzone: Central Daylight Time (CDT) Kurssprache: Englisch

07.07. – 08.07.2026 Online Training Zeitzone: Eastern Daylight Time (EDT) Kurssprache: Englisch

19.10. – 20.10.2026 Online Training Zeitzone: Eastern Daylight Time (EDT) Kurssprache: Englisch

7 Stunden Differenz zu Mitteleuropäische Zeit (MEZ)

03.12. – 04.12.2026 Online Training Zeitzone: Central Standard Time (CST) Kurssprache: Englisch

9 Stunden Differenz zu Mitteleuropäische Zeit (MEZ)

19.10. – 20.10.2026 Online Training Zeitzone: Pacific Daylight Time (PDT) Kurssprache: Englisch

Polnisch

Europäische Zeitzonen

24.11. – 25.11.2025 Online Training Kurssprache: Polnisch Garantietermin!