Detailed Course Outline
Module 1 – Introduction
- The CyberSecurity Defense Analyst
- CIM, Data Models and Correlation Refresh
- Lab 1: Introducing the environment
Module 2 – Splunk Enterprise Security (ES) for Analysts
- Asset & Identity Framework
- Threat Intelligence Framework
- Notable Event Framework
- Adaptive Response Framework
- Incident Investigation Management in Splunk ES
- Lab 2: Pick up an investigation
Module 3 – Risk Analysis Framework
- Lab 3: Continue your investigation with RBA
Module 4 – Working with Splunk SOAR
- Lab 4: Splunk SOAR Practice
Module 5 – Threat Hunting Introduction
- Lab 5: Hunting with Windows Event Codes
Module 6 – Threat Hunting with PEAK: Hypothesis-based Hunt
- Lab 6: Hypothesis-based Threat Hunting Practice
Module 7 – Threat Hunting with PEAK: Baseline Hunt
- Lab 7: Baseline Threat Hunting Practice
This lab experience is using the following Splunk tools:
- Splunk Enterprise Version: 9.1.1
- Enterprise Security (ES) Version: 8.1.0
- Splunk SOAR Version: 6.4.1