Configuring Threat Intelligence in Splunk Enterprise Security

Splunk Enterprise Security is a premium application used within the Splunk deployment to help with SOC operations. This course will teach you how to configure various threat intelligence sources for use within Splunk Enterprise Security.
Course info
Level: Intermediate
Updated: Dec 10, 2020
Duration: 1h 44m
Description

Splunk Enterprise Security (ES) solves many problems within our SOCs, including making operations more efficient. In this course, Configuring Threat Intelligence in Splunk Enterprise Security, you’ll learn how to get threat intelligence into the tool from various sources. First, you’ll learn about threat intelligence and the different formats it comes in. Next, you’ll learn about the Splunk Threat Intelligence Framework and how to use it to enrich your data. You’ll also look at the threat intelligence tools available in the application. Finally, you’ll learn how to configure the threat intelligence sources and parse the data to get what you need for Splunk Enterprise Security.

About the author

Joe is a Network Consulting Engineer and has worked in the IT industry since 2010. He has experience in teaching and mentoring IT professionals in both DoD environments and in the civilian sector, in both the networking and IT security fields.

Section Introduction Transcripts

Course Overview
Hi, everyone. My name is Joe Abraham, and welcome to my course, Configuring Threat Intelligence in Splunk Enterprise Security. I'm currently a cybersecurity consultant and a Pluralsight author with courses in the IT operations and cybersecurity domains. In today's cyber landscape, there are many different attacks to account for. There are many tactics, techniques and procedures as well. Keeping track of all this intelligence and using it effectively is crucial to the SOC operations. Do you want to learn how to add and manage this data to use with Splunk Enterprise Security? Well, in this course we'll do that. I'll help you learn all about the threat intelligence within Splunk Enterprise Security and how to get it set up in your environment. Some of the major topics that we will cover include learning about the threat intelligence framework, understanding Splunk's intelligence tools, and configuring and using threat intelligence within Splunk Enterprise Security. By the end of this course, you'll know all about the process to add, manage, and validate threat and other intelligence for Splunk Enterprise Security. Before beginning this course, you should be familiar with basic IT terminology and have a desire to learn more about this tool. Knowledge of Splunk, intelligence sharing, and machine data would help out as well. From here, you should feel comfortable diving further into Splunk Enterprise Security and using the application effectively as we continue down this and other Splunk learning paths at Pluralsight. I hope that you'll join me on this path to learn more about Splunk Enterprise Security with the Configuring Threat Intelligence in Splunk Enterprise Security course, at Pluralsight.