This course covers the analyst workflow in Splunk Enterprise Security. You learn how to investigate notable events, search security data, manage risk scores, and use ES dashboards and frameworks to detect and respond to threats.
Topics include the ES investigation workflow, notable event management, threat intelligence integration, asset and identity management, risk-based alerting, and using the Splunk Security Essentials framework. The course suits security analysts and SOC staff who use Splunk Enterprise Security as their primary threat detection and investigation platform.
By the end of the course, you will be able to use Splunk Enterprise Security to investigate incidents, manage alerts, and monitor your organization’s security posture.