Splunk Enterprise Security is a premium application used within the Splunk deployment to help with SOC operations. This course will teach you how to configure various threat intelligence sources for use within Splunk Enterprise Security.
Splunk Enterprise Security (ES) solves many problems within our SOCs, including making operations more efficient. In this course, Configuring Threat Intelligence in Splunk Enterprise Security, you’ll learn how to get threat intelligence into the tool from various sources. First, you’ll learn about threat intelligence and the different formats it comes in. Next, you’ll learn about the Splunk Threat Intelligence Framework and how to use it to enrich your data. You’ll also look at the threat intelligence tools that we can use in the application. Finally, you’ll learn how to configure the threat intelligence sources and parse the data in order to get what you need for Splunk Enterprise Security.
Joe is a Network Consulting Engineer and has worked in the IT industry since 2010. He has experience in teaching and mentoring IT professionals in both DoD environments and in the civilian sector, in both the networking and IT security fields.
Course Overview
Hi, everyone. My name is Joe Abraham, and welcome to my course, Configuring Threat Intelligence in Splunk Enterprise Security. I'm currently a cybersecurity consultant and a Pluralsight author with courses in the IT operations and cybersecurity domains. In today's cyber landscape, there are many different attacks to account for. There are many tactics, techniques and procedures as well. Keeping track of all this intelligence and using it effectively is crucial to the SOC operations. Do you want to learn how to add and manage this data to use with Splunk Enterprise Security? Well, in this course we'll do that. I'll help you learn all about the threat intelligence within Splunk Enterprise Security and how to get it set up in your environment. Some of the major topics that we will cover include learning about the threat intelligence framework, understanding Splunk's intelligence tools, and configuring and using threat intelligence within Splunk Enterprise Security. By the end of this course, you'll know all about the process to add, manage, and validate threat and other intelligence for Splunk Enterprise Security. Before beginning this course, you should be familiar with basic IT terminology and have a desire to learn more about this tool. Knowledge of Splunk, intelligence sharing, and machine data would help out as well. From here, you should feel comfortable diving further into Splunk Enterprise Security and using the application effectively as we continue down this and other Splunk learning paths at Pluralsight. I hope that you'll join me on this path to learn more about Splunk Enterprise Security with the Configuring Threat Intelligence in Splunk Enterprise Security course, at Pluralsight.