SIEM Analyst Foundations with Splunk
1.0 Introduction
Welcome to the Introduction to Splunk Program! (0:29)
About the Instructor (1:18)
What to Expect (1:34)
Course Syllabus
Article - Splunk State of the Security 2022
2.0 SIEM Fundamentals
What exactly is a SIEM? (11:43)
Understanding why Monitoring, Detection, Logging and Collection in a SIEM platform (16:56)
UBEA (User Behavior Analytics) (7:21)
Business Scenario
Assignments
Quiz
3.0 Splunk Basics
What the Hell is Splunk and why do firms use Splunk? (6:25)
Defining Splunk Apps (12:46)
Navigating through Splunk Web and customizing your user settings (15:32)
Assignments
Quiz
4.0 Core Architecture
What is a Forwarder? (9:07)
What is an Indexer? (8:48)
What exactly is a Search Head? (9:02)
Full Data Pipeline Process (10:26)
Assignments
Quiz
Article - Splunk Fast-track-your-multicloud-monitoring-initiative
5.0 Downloading and Installing Splunk Enterprise
Creating a Splunk and AWS Account (2:29)
Downloading Splunk Enterprise on a Linux Machine (17:53)
Configuring your AWS Instance and Logging into Splunk Web (6:04)
Assignments
Quiz
6.0 Basic Searching
Search and Reporting App Running Basic Searches (12:56)
Best practices for setting the time range (6:39)
Contents of Search Results and Saving your Search Results (5:26)
Assignments
Quiz
7.0 Ingesting Data
Learning the 3 primary ways to get data into Splunk (10:34)
Doing a static ingestion of our datasets for the lab environment (8:47)
Onboarding Data Using Lookup Table (12:02)
Assignments
Quiz
8.0 Search Language Fundamentals and Understanding Fields
Reviewing basic search commands (8:50)
Using the following commands to perform searches: tables, rename fields, dedup & sort (12:12)
Search Best Practices (9:58)
Assignments
Quiz
Article - Elastic Guide-to-high-volume-data-sources-for-siem
9.0 Using Basic Transforming Commands
The top command (6:19)
The rare command (3:11)
The stats command (8:19)
Assignments
Quiz
10.0 Creating Reports and Dashboards
Understanding what exactly a Report and a Dashboard is (6:44)
How to create Reports (7:46)
How to create Dashboards (17:49)
Capstone/Assignment
Quiz
Capstone Presentation Tips and Tricks (7:41)
11.0 Creating Scheduled Reports and Alerts
Describing and Configuring Scheduled Reports (6:54)
Describing and Creating Alerts (6:02)
Capstone/Assignments
Quiz
12.0 Welcome to Part 2 of the Introduction Program!
What to Expect. (1:59)
Overview of Part One of the Introduction Program (4:27)
Preparing to Start Part 2 of the Program (6:35)
Business Scenario Part 2
Assignment
13.0 More Transforming Commands and Visualizations
Using and understanding the Chart Command (14:13)
Using and understanding the Timechart Command (8:14)
Assignment
Quiz
14.0 How to Filter and Format Results
Understanding and using the Eval Command (9:43)
Learning to filter results by using the search and where commands (10:48)
Understanding and using the fillnull command (6:45)
Assignment
Quiz
Article - Microsoft Security How the Cloud is Transforming Security Operations
15.0 Knowledge Objects Tags and Event Types
Learning how to create and use field aliases (17:32)
Learning how to use calculated fields (8:47)
Understanding and using tags (10:47)
Describing and creating event types (6:13)
Learning how to create Workflows (7:37)
Assignment
Quiz
16.0 Understanding what and how to use a Data Model
Learning the differences between a data model and a pivot (6:10)
Creating a Data Model (15:17)
Creating a Pivot based off of a Data Model (5:47)
Assignment
Quiz
17.0 Using and Understanding the Common Information Model (CIM) Add-On
Understanding what the Splunk CIM is and why it is important (5:11)
Listing the knowledge objects that come with the Splunk CIM Add-On (4:41)
Assignment
Quiz
Capstone 2
Parting Words (1:12)
Bonus Content
Splunk Security Essentials (10:28)
18.0 Ingesting and Searching Windows Logs
How to properly onboard Windows Data (15:34)
Splunking Windows Logs (16:35)
Building Detection Rules from Windows Event Codes (15:34)
Assignment
Quiz
Splunking Windows Logs