Designing and Creating Add-ons for Splunk Enterprise Security

Splunk Enterprise Security is a premium application used within the Splunk deployment to help with SOC operations. This course will teach you how to design and create add-ons to enable customization of the application and its uses.
Course info
Level
Intermediate
Updated
Sep 29, 2020
Duration
1h 38m
Description

Splunk Enterprise Security (ES) solves many problems within our SOCs, including efficient operations. In this course, Designing and Creating Add-ons in Splunk Enterprise Security, you’ll learn how to design an add-on based on use cases and the data, and how to build it. First, you’ll learn about the data sources and see how to configure them for ingestion into Splunk. Next, you’ll learn about the Splunk Add-on Builder and walk through its workflow. We’ll design and create an add-on in Splunk. Finally, you’ll learn how to validate add-ons to ensure that they align with best practices and recommendations. When you’re finished with this course, you’ll have the skills and knowledge of Splunk Enterprise Security needed to build add-ons for new data sources to use within Splunk Enterprise Security.

About the author

Joe is a Network Consulting Engineer and has worked in the IT industry since 2010. He has experience in teaching and mentoring IT professionals in both DoD environments and in the civilian sector, in both the networking and IT security fields.

Section Introduction Transcripts

Course Overview
Hi, everyone. My name is Joe Abraham, and welcome to my course, Designing and Creating Add‑ons for Splunk Enterprise Security. I am currently a cybersecurity consultant and a Pluralsight author with courses in the IT Operations and Cybersecurity domains. We all have data that we need to normalize in some fashion to fit into the data story for our organization. Do you want to learn how to add new data sources to Splunk without compromising its functionality? Do you want to learn how to build an add‑on to help expedite this process? Well, in this course, we'll do that. I'll help you learn all about these aspects of Splunk Enterprise and how to build an add‑on for Enterprise Security. Some of the major topics that we will cover include understanding data sources for Splunk, designing an add‑on in Splunk using the Add‑on Builder, and configuring and validating the add‑on. By the end of this course, you'll know all about the process to design, build, and maintain a custom add‑on for Splunk Enterprise Security. Before beginning this course, you should be familiar with basic IT terminology and have a desire to learn more about this tool. Knowledge of Splunk and machine data would help out as well. From here, you should feel comfortable diving further into the Splunk Add‑on Builder tool, building your own add‑ons for Splunk Enterprise Security, and using the apps effectively as we continue down this and other Splunk learning paths at Pluralsight. I hope you'll join me in this journey to learn more about Splunk Enterprise Security with the Designing and Creating Add‑ons for Splunk Enterprise Security course, at Pluralsight.