Configuring Threat Intelligence in Splunk Enterprise Security

Focused View

Joe Abraham

1:41:35

128 View

0. Course Overview

0. Course Overview.mp4

01:55

1. Exploring Splunk Threat Intelligence

0. Defining Threat Intelligence.mp4

05:38

1. Learning About Threat Intelligence .mp4

04:28

2. Common Threat Intelligence Sources and Formats.mp4

05:18

3. Splunk Enterprise Security Threat Intelligence Feeds .mp4

04:05

4. Exploring Threat Intelligence Feeds.mp4

07:20

5. The Threat Intelligence Workflow.mp4

02:16

2. Understanding Splunk Security Intelligence Tools

0. Learning About Intelligence Tools.mp4

02:45

1. Exploring Generic Intelligence.mp4

03:02

2. Configuring Generic Intelligence.mp4

05:22

3. Additional Generic Intelligence Configuration.mp4

05:11

4. Analyzing Intelligence Dashboards.mp4

04:57

5. Using the Intelligence Tools.mp4

05:43

6. Risk Analysis.mp4

01:42

3. Detailing the Splunk Threat Intelligence Framework

0. Whats the Threat Intelligence Framework-.mp4

01:42

1. Understanding the Frameworks Flow.mp4

01:41

2. Threat Intelligence Integration Points.mp4

02:35

3. Additional Intelligence Dashboards.mp4

04:21

4. Deep Diving User Intelligence.mp4

02:45

5. Wrapping Up User Intelligence .mp4

05:16

4. Configuring Threat Intelligence Sources

0. Configuring Threat Intelligence in Splunk ES.mp4

08:00

1. Validating Threat Intelligence Using Lookups.mp4

03:39

2. Use Case- Brute Force Attack and MITRE Pivot.mp4

05:27

3. Continuing the Brute Force Attack Use Case.mp4

04:20

4. Putting It All Together.mp4

02:07

Description

Splunk Enterprise Security is a premium application used within the Splunk deployment to help with SOC operations. This course will teach you how to configure various threat intelligence sources for use within Splunk Enterprise Security.

What You'll Learn?

Splunk Enterprise Security (ES) solves many problems within our SOCs, including efficient operations. In this course, Configuring Threat Intelligence in Splunk Enterprise Security, you’ll learn how to get this information into the tool from various sources. First, you’ll learn about threat intelligence and the different formats it comes in. Next, you’ll learn about the Splunk Threat Intelligence Framework and how to use it in order to enrich your data. You’ll look at the threat intelligence tools that we can use in the application as well. Finally, you’ll learn how to configure the threat intelligence sources and parse the data in order to get what you need for Splunk Enterprise Security.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Information Security

Network Engineering

Joe Abraham

Instructor's Courses

Joe Abraham, CCIE #62417, is a Network Security Consultant working in the public sector space, assisting customers develop and implement functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications to include CCIE, CISSP, GSEC, and CCNP Security. He is also a member of the GIAC Advisory Board. Joe is a mentor to IT professionals and a blogger who spends his time either with his wife and three children, exercising, researching and writing about technology, or learning new technologies. Spending much of his experience helping to train and educate IT professionals, he is passionate about teaching and always strives to be a positive influence in the IT field.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.