Course structure
Module 1 – ES Introduction
- Overview of ES features and concepts
Module 2 – Monitoring and Investigation
- Security Posture
- Incident Review
- Notable events management
Module 3 – Security Intelligence
- Overview of security intel tools
Module 4 – Forensics, Glass Tables and Navigation Control
- Explore forensics dashboards
- Examine glass tables
- Configure navigation and dashboard permissions
Module 5 – ES Deployment
- Identify deployment topologies
- Examine the deployment checklist
- Understand indexing strategy for ES
- Understand ES Data Models
Module 6 – Installation and Configuration
- Prepare a Splunk environment for installation
- Download and install ES on a search head
- Test a new install
- Understand ES Splunk user accounts and roles
- Post-install configuration tasks
Module 7 – Validating ES Data
- Plan ES inputs
- Configure technology add-ons
Module 8 – Custom Add-ons
- Design a new add-on for custom data
- Use the Add-on Builder to build a new add-on
Module 9 – Tuning Correlation Searches
- Configure correlation search scheduling and sensitivity
- Tune ES correlation searches
Module 10 – Creating Correlation Searches
- Create a custom correlation search
- Configure adaptive responses
- Search export/import
Module 11 – Lookups and Identity Management
- Identify ES-specific lookups
- Understand and configure lookup lists
Module 12 – Threat Intelligence Framework
- Understand and configure threat intelligence
- Configure user activity analysis