Who should attend
- SOC Analyst
- SOC Engineer
Certifications
This course is part of the following Certifications:
Prerequisites
To be successful, students must have completed the following Splunk Education course:
Students should also be familiar with the topics covered in the following courses:
- Intro to Splunk
- Using Fields (SUF)
- Visualizations
- Search Under the Hood
- Intro to Knowledge Objects
- Creating Knowledge Objects (CKO)
- Creating Field Extractions (CFE)
- Enriching Data with Lookups (EDL)
- Data Models (SDM)
- Introduction to Dashboards (ITD)
- Splunk Enterprise System Administration (SESA) AND Splunk Enterprise Data Administration (SEDA) OR Splunk Cloud Administration (SCA)
Course Content
This course is for ES Administrators and Engineers.
This 13.5-hour instructor-led course enables SOC Engineers to use Splunk’s Enterprise Security SIEM for detection engineering, incident response, automation, asset and identity configuration, and threat intelligence management. Other topics include ES event processing and normalization, managing risk, data models, deployment requirements, technology add-ons, and dashboard dependencies.
This course may be delivered over two or three days, with 13.5 total hours of content.
English
German
French
Italian
Polish
Germany