Detailed Course Outline
Module 1 – Introduction
- The CyberSecurity Defense Analyst
- CIM, Data Models and Correlation Refresh
- Lab 1: Introducing the environment
Module 2 – Splunk Enterprise Security (ES) for Analysts
- What is SIEM again?
- Asset & Identity Framework
- Threat Intelligence Framework
- Notable Event Framework
- Adaptive Response Framework
- Incident Investigation Management in Splunk ES
- Lab 2: Pick up an investigation
Module 3 – Risk Analysis Framework
- Overview
- Lab 3: Continue your investigation with RBA
Module 4 – Working with Splunk SOAR
- Introducing Splunk SOAR
- Lab 4: Splunk SOAR Practice
Module 5 – Threat Hunting with PEAK
- PEAK Framework overview
- Lab 5: Hypothesis-based Threat Hunting Practice
Module 6 – Challenge Lab
- Lab 6: Run your own investigation