Tuning and Creating Correlation Searches in Splunk Enterprise Security

Muhammad Awan

2:50:48

153 View
  • 0. Course Overview.mp4
    03:09
  • 0. Overview.mp4
    01:43
  • 1. Setting up the Demo Environment.mp4
    02:53
  • 2. What Are Correlation Searches-.mp4
    03:20
  • 3. Components and Functions of Correlation Searches.mp4
    06:32
  • 4. Demo- Exploring, Enabling and Running Correlation Searches.mp4
    06:32
  • 5. Summary.mp4
    00:48
  • 0. Overview.mp4
    01:06
  • 1. Correlation Search Life-cycle.mp4
    01:49
  • 2. Components of a Correlation Search.mp4
    07:36
  • 3. Demo- Components of a Correlation Search.mp4
    04:33
  • 4. Demo- Dissecting Risk Analysis and Notable Response Actions.mp4
    09:39
  • 5. Demo- Cloning a Correlation Search and Adding Incident Review Attributes.mp4
    06:14
  • 6. Understanding Thresholds in Correlation Searches.mp4
    02:43
  • 7. Demo- Understanding Thresholds in Correlation Searches.mp4
    04:24
  • 8. Summary.mp4
    01:54
  • 0. Overview.mp4
    01:20
  • 1. Defining Use-case and Planning the Correlation Search.mp4
    08:09
  • 2. Demo- (Part 1) Designing, Developing, Testing and Deploying a Correlation Search.mp4
    07:49
  • 3. Demo- (Part 2) Designing, Developing, Testing and Deploying a Correlation Search.mp4
    07:49
  • 4. Adaptive Response Actions Overview.mp4
    01:39
  • 5. Summary.mp4
    01:23
  • 0. Overview.mp4
    03:38
  • 1. Exporting Correlation Search in Splunk ES.mp4
    07:58
  • 2. Demo- Exporting and Importing a Correlation Search.mp4
    01:33
  • 3. Summary.mp4
    02:47
  • 0. Overview.mp4
    03:44
  • 1. Splunk ES-specific Lookups.mp4
    10:22
  • 2. Demo- Splunk ES-specific Lookups.mp4
    07:44
  • 3. Demo- Creating Search-driven Lookups in Splunk Enterprise Security.mp4
    04:32
  • 4. Introduction to Splunk ES Asset and Identity Framework.mp4
    11:13
  • 5. Demo- Adding Static Lookups to Asset and Identity Framework.mp4
    11:56
  • 6. Demo- Adding Dynamic Lookups to Asset and Identity Framework.mp4
    06:05
  • 7. Demo- Asset and Identity Investigator Dashboards.mp4
    01:46
  • 8. Summary.mp4
    02:27
  • 0. Wrap-up Summary.mp4
    01:59
  • Description


    Learn to plan, design, develop, tune, and deploy correlation searches in Splunk Enterprise Security v6. Understand and manage ES-specific lookups, and set up the Asset and Identity framework for data enrichment and to support investigations.

    What You'll Learn?


      Splunk Enterprise Security uses correlation searches to provide visibility into security-related threats and vulnerabilities, and generates notable events to track identified threats. In this course, Tuning and Creating Correlation Searches in Splunk Enterprise Security, you will gain the ability to create and tune correlation searches in Splunk Enterprise Security. First, you will learn how to tune and customize the available correlation searches in Splunk Enterprise Security, as well as plan, create, and deploy custom correlation searches specific to your environment. Next, you will discover ES-specific lookups and learn how to create and customize them. Finally, you will explore how to set up and manage assets and identities in Splunk ES for data enrichment purposes. When you are finished with this course, you will have the skills and knowledge of tuning and creating correlation searches needed to administer the incident management and the asset and identity frameworks of Splunk Enterprise Security.

    Muhammad Awan
    Muhammad Awan is a Senior Splunk Admin working in the public sector. He has been associated with Splunk and data science related technologies for a decade. He is a Splunk Certified Admin and Splunk Certified Power User, and holds the Microsoft Certified Solutions Expert and Microsoft Certified Solutions Associate (Office 365) MCSA (Messaging) certifications. He has experience with networks and security technologies. He has been mentoring and teaching at various universities as a visiting faculty member in the past. He loves to acquire new skills and disseminate the knowledge.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 36
    • Duration: 2:50:48
    • Level: average
    • English subtitles: available
    • Release date: 2023/02/28
