Managing Splunk Enterprise Security Data and Dashboards

Focused View

Joe Abraham

2:19:43

115 View

0. Course Overview

0. Course Overview.mp4

02:29

1. Configuring Data Inputs for Splunk Enterprise Security

0. Introduction.mp4

03:42

1. Course Information.mp4

03:42

2. CIM Compatibility.mp4

03:37

3. Data Models Demo.mp4

06:26

4. Exploring More Data Model Information .mp4

04:18

5. Endpoint Data.mp4

03:19

6. Endpoint Data Demo.mp4

06:11

7. Authentication Data.mp4

03:15

8. Closing It Out!.mp4

01:33

2. Examining Security Posture and Metrics

0. Introducing the Security Posture Dashboard.mp4

01:43

1. What Are Key Indicators-.mp4

04:33

2. Creating Key Indicators.mp4

04:28

3. Exploring the Security Posture Dashboard.mp4

02:44

4. Glass Tables.mp4

03:44

5. Creating Glass Tables for Metrics.mp4

03:44

6. Wrapping up Security Posture.mp4

01:41

3. Managing the Incident Review Dashboard

0. Introducing the Incident Review Dashboard.mp4

01:29

1. Whats a Notable Event-.mp4

03:47

2. Creating a Notable Event.mp4

05:12

3. The Incident Review Dashboard.mp4

03:09

4. Understanding the Incident Review Dashboard Information.mp4

02:36

5. Working with the Incident Review Dashboard.mp4

03:21

6. Module Summary.mp4

02:23

4. Exploring Additional Dashboards and Features

0. Additional Splunk Dashboards.mp4

01:39

1. The Audit Dashboards.mp4

04:18

2. Audit Dashboard Demo.mp4

04:13

3. Security Domains.mp4

04:44

4. Security Domains Demo .mp4

04:35

5. Dashboard Permissions and Configurations.mp4

03:23

6. Configuring Dashboards Demo.mp4

07:37

7. Closing Out Dashboards.mp4

01:16

5. Managing Investigations in Splunk Enterprise Security

0. Introducing Investigations in Splunk ES.mp4

01:54

1. Working with Investigations.mp4

03:12

2. Investigation Workflow Demo.mp4

07:40

3. Managing the Investigations Dashboard.mp4

04:04

4. Managing and Configuring Investigation Objects.mp4

04:55

5. Lets Wrap!.mp4

03:07

Description

Splunk Enterprise Security is a premium application used within the Splunk deployment to help with SOC operations. This course will teach you how to manage your data, and manage the dashboards and feature using the data.

What You'll Learn?

Splunk Enterprise Security (ES) solves many problems within our SOCs, including efficient operations. In this course, Managing Splunk Enterprise Security Data and Dashboards, you’ll learn how to get the data usable for Splunk Enterprise Security and see how it can add to the function and uses of dashboards and features within the application. First, you’ll learn about the data ingestion and work through examples taking data and making it CIM-compatible for use for specific dashboards and features. Next, you’ll discover how to manage the dashboards that are available to you and how to modify them and the data to correspond to each other. Finally, you’ll learn how to configure and use features like the glass tables, forensics and investigation dashboards, and others. When you’re finished with this course, you’ll have the skills and knowledge of Splunk Enterprise Security needed to start ingesting data and administering it appropriately.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Data Analysis

Windows Server

Joe Abraham

Instructor's Courses

Joe Abraham, CCIE #62417, is a Network Security Consultant working in the public sector space, assisting customers develop and implement functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications to include CCIE, CISSP, GSEC, and CCNP Security. He is also a member of the GIAC Advisory Board. Joe is a mentor to IT professionals and a blogger who spends his time either with his wife and three children, exercising, researching and writing about technology, or learning new technologies. Spending much of his experience helping to train and educate IT professionals, he is passionate about teaching and always strives to be a positive influence in the IT field.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.