Designing and Creating Add-ons for Splunk Enterprise Security

by Joe Abraham

Splunk Enterprise Security is a premium application used within the Splunk deployment to help with SOC operations. This course will teach you how to design and create add-ons to enable customization of the application and its uses.

What you'll learn

Splunk Enterprise Security (ES) solves many problems within our SOCs, including efficient operations. In this course, Designing and Creating Add-ons in Splunk Enterprise Security, you’ll learn how to design the add-on based on use cases and the data, as well as build it. First, you’ll learn about the data sources and see how to configure them for ingestion into Splunk. Next, you’ll learn about the Splunk Add-on Builder and walk through the workflow of it. We’ll design and create an add-on in Splunk. Finally, you’ll learn how to validate the add-ons to ensure that they align with best practices and recommendations. When you’re finished with this course, you’ll have the skills and knowledge of Splunk Enterprise Security needed to build add-ons for new data sources to use within Splunk Enterprise Security.

About the author

Joe Abraham, CCIE #62417, is a Network Security Consultant working in the public sector space, assisting customers develop and implement functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications to include CCIE, CISSP, GSEC, and CCNP Security. He is also a member of the GIAC Advisory Board. Joe is a mentor to IT professionals and a blogger who ... more

Ready to upskill? Get started