The Administering Splunk Enterprise Security course prepares architects and systems administrators to install, configure and manage Splunk Enterprise Security.

The Administering Splunk Enterprise Security covers ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customizations.

​

Units : 3
Duration : 13.5 hours over 3 days
Time : 9:00 am – 1:30 pm AEST (GMT +10)
​

*Course discounts apply for Splunk Partners. Please use the currency convertor above to check for course pricing in your local currency.

Administering Splunk Enterprise Security - Course Topics

• Identify normal ES use cases

• Examine deployment requirements for typical ES installs

• Learn how to install ES and gather information for lookups

• Learn the steps to setting up inputs using technology add-ons

• Create custom correlation searches

• Configure ES risk analysis, threat and protocol intelligence

• Fine tune ES’s settings and other customizations

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site

Course Prerequisites

Splunk Fundamentals 1

Splunk Fundamentals 2

Splunk Enterprise Data Administration

Splunk Enterprise System Administration

Architecting Splunk Enterprise Deployments (Recommended)

​

Related Certifications

Splunk Certified Enterprise Security Admin

Splunk Core Certified Consultant

Administering Splunk Enterprise Security - Audience

Anyone whose role includes deploying or configuring the Splunk App for Enterprise Security. Previous attendees have included IT Operations, Security Operations Centre (SOC) staff, Pre-Sales Consultants, Security Sales Engineers and Security Architects.

After completing Administering Splunk Enterprise Security course you will be able to

• Examine deployment topologies, requirements and checklist.

• Generate configurations and test new installations.

• Validate data against the Common Information Model.

• Configure ES inputs and Technology Add-ons.

• Describe and customize correlations searches.

• Configure asset/identify lookups and new threat feeds.

• Create your own add on for custom data sources.

• Audit an ES installation for completeness.

Administering Splunk Enterprise Security - Course Objectives

Module 7 – Validating ES Data

• Plan ES inputs

• Configure technology add-ons

Module 8 – Custom Add-ons

• Design a new add-on for custom data

• Use the Add-on Builder to build a new add-on

Module 9 – Correlation Searches

• Configure correlation search scheduling and sensitivity

• Tune ES correlation searches

• Create a custom correlation search

Module 10 – Lookups and Identity Management

• Identify ES-specific lookups

• Understand and configure lookup lists

Module 11 – Threat Intelligence Framework

• Understand and configure threat intelligence

• Configure user activity analysis

Splunk Course Schedules and Timezones

Ingeniq Course are delivered live and in English and provide access to customers spanning multiple timezones.

​

Dates and times displayed for each course are relative to Australian Eastern Time (AET).

​

​

AM Marked Splunk Courses

AM marked courses start at AET 9:00am and finish at AET 1:30pm (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas;

​

• UTC+10 including Australia (East Coast)

• UCT+11/+12 including New Zealand and the Pacific Islands

• UTC-8 including USA (West Coast), Canada (West Coast)

• UTC-7 including USA (Mid West)

PM Marked Splunk Courses

PM marked courses start at AET  2:00pm and finish at AET 6:30pm (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas;

​

• UTC+9 including Japan, Korea

• UTC+8 including Australia (West Coast), Singapore, Hong Kong, China, Philippines, Brunei, Thailand

• UTC +5/+6 including India and Sri Lanka

Administering Splunk Enterprise Security - Upcoming Courses