Splunk Enterprise Security Administration

6 courses
11 hours
Skill IQ

A Splunk Enterprise Security (ES) Admin manages a Splunk Enterprise Security environment, including ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customization's.

This skill demonstrates an individual's ability to install, configure, and manage a Splunk Enterprise Security deployment.

Courses in this path

Beginner

In this section, you will review the features and concepts of Splunk Enterprise Security, as well as, how to install, deploy, and configure Splunk Enterprise Security.

Splunk Enterprise Security: Big Picture

by Joe Abraham
51m
(43)

Planning, Deploying, and Configuring Splunk Enterprise Security

by Joe Abraham
1h 34m
(17)

Intermediate

In this section, you will learn to configure and manage Splunk ES dashboards. Next, you will learn how to tune and create correlation searches in Splunk ES. Last, you will learn how to configure threat intelligence in Splunk ES.

Managing Splunk Enterprise Security Data and Dashboards

by Joe Abraham
2h 20m
(12)

Designing and Creating Add-ons for Splunk Enterprise Security

by Joe Abraham
1h 39m

Tuning and Creating Correlation Searches in Splunk Enterprise Security

by Muhammad Awan
2h 43m
(20)

Configuring Threat Intelligence in Splunk Enterprise Security

by Joe Abraham
1h 44m

Try for free

Get this learning path plus top-rated picks in tech skills and other popular topics.

Your 10 day free trial includes

Expert-led courses

Keep up with the pace of change with thousands of expert-led, in-depth courses.

For teams

Give up to 50 users access to our full library including this path free for 30 days

What you will learn

Review of the features and concepts of Splunk Enterprise Security
Configure Splunk ES dashboards to reveal insights, monitor, and investigate
Manage Splunk Enterprise Security dashboards
Deploy Splunk Enterprise Security to your SOC environment
Install and Configure Splunk Enterprise Security
Customize Splunk Enterprise Security data
Create custom add ons to enhance visibility
Tune correlation searches for use in Splunk Enterprise Security
Create correlation searches for use in Splunk ES
Add context to data using lookups and identities
Deploy Splunk ES security intelligence tools
Use the Splunk threat inteligence framework

Experience

Knowledge of basic networking concepts (CompTIA Network+)
Knowledge of the fundamental information security concepts (CompTIA Security+)
Knowledge and skill of security event triage
Knowledge and skill of incident response and handling
Basic competence of using Splunk Enterprise

Learn with the best

Joe Abraham

Joe Abraham, CCIE #62417, is a Cybersecurity Architect working in the public sector space, assisting customers develop and implement functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications to include CCIE, CISSP, GSEC, and CCNP Security. Joe is a mentor to IT professionals and a blogger who spends his time either with his wife and three child... more

Muhammad Awan

Muhammad Awan is a Senior Splunk Admin in working in Public Sector. Has been associated with Splunk and data science related technologies for a decade. Splunk Certified Admin and Splunk Certified Power User. Microsoft Certified Solutions Exert and Microsoft Certified Solutions Associate (Office 365) MCSA (Messaging). Experience with Networks and Security technologies. He has been mentoring and teaching at various universities as a visiting faculty in the past. Loves to acquire new skills and dis... more

Contact Sales

Splunk Enterprise Security Administration