Managing Splunk Enterprise Security Data and Dashboards

Splunk Enterprise Security is a premium application used within a Splunk deployment to help with SOC operations. This course will teach you how to manage your data and how to manage the dashboards and features that use that data.
Course info
Level: Intermediate
Updated: Jul 23, 2020
Duration: 2h 20m
Description

Splunk Enterprise Security (ES) addresses many problems within our SOCs, including the need for efficient operations. In this course, Managing Splunk Enterprise Security Data and Dashboards, you’ll learn how to make your data usable in Splunk Enterprise Security and see how it adds to the function and uses of the dashboards and features within the application. First, you’ll learn about data ingestion and work through examples of taking data and making it CIM-compatible for use with specific dashboards and features. Next, you’ll discover how to manage the dashboards that are available to you and how to modify them and the data so that they correspond to each other. Finally, you’ll learn how to configure and use features like the glass tables, forensics and investigation dashboards, and others. When you’re finished with this course, you’ll have the skills and knowledge of Splunk Enterprise Security needed to start ingesting data and administering it appropriately.

About the author

Joe is a Network Consulting Engineer and has worked in the IT industry since 2010. He has experience in teaching and mentoring IT professionals in both DoD environments and in the civilian sector, in both the networking and IT security fields.

Section Introduction Transcripts

Course Overview
Hi, everyone. My name is Joe Abraham, and welcome to my course, Managing Splunk Enterprise Security Data and Dashboards. I'm currently a cybersecurity consultant and a Pluralsight author with courses in the IT operations and cybersecurity domains. Are you trying to get your SOC the tools that it needs to properly threat hunt, correlate events, and investigate attacks? Do you want to modify the dashboards and data that you're using with Splunk Enterprise Security? Well, in this course, we'll do that. I'll help you learn all about these aspects of Splunk Enterprise Security and how to use the dashboards with your data to help improve your workflows, glean better information, and see the security metrics that are important to you. Some of the major topics that we will cover include: configuring data inputs for Splunk Enterprise Security, examining metrics and organizational posture, exploring dashboards, features and functions to use our data with, and managing key indicators, notables, and investigations. By the end of this course, you'll know all about the application's data and dashboards and be able to continue setting up your deployment and to make it functional. Before beginning this course, you should be familiar with basic IT terminology and have a desire to learn more about this security tool. Knowledge of machine data would help out as well. From here, you should feel comfortable diving further into the Splunk Enterprise Security tool and start navigating through, ingesting and modifying your data to fit into the application's functions, and designing add‑ons to help us with this, as we continue down this and other Splunk learning paths at Pluralsight. I hope you'll join me on this journey to learn more about Splunk Enterprise Security with the Managing Splunk Enterprise Security Data and Dashboards course at Pluralsight.