Streamlining Your Incident Response Process with Splunk
In this course, you’ll learn how Splunk can help streamline your incident response (IR) process.
What you'll learn
In this course, Streamlining Your Incident Response Process with Splunk, Ryan Chapman and Aaron Rosenmund discuss how Splunk can help streamline your incident response (IR) process. Learn the benefits and importance of log aggregation, why Splunk is the best tool for the job, and how Splunk works and which logs you’ll need. By the end of this course, you’ll have a solid understanding of the true benefits Splunk brings to the IR realm.
Table of contents
- Deploying Splunk for Your Organization 10m
- Looking at a Small Enterprise Deployment 2m
- Setting up Splunk the First Time 5m
- Data Sources for Splunk 2m
- Exploring Which Data Sources We Need 6m
- Pulling in Multiple Sources of Data 4m
- Storing Data 4m
- From Security Alert to Analysis 9m
- Wrapping up and Summary 3m
About the authors
Ryan is a certified incident response analyst and reverse engineer who also wears the hats of a forensic analyst and developer. He thoroughly enjoys running his mouth, which lends well to his presenting at conferences and performing stand-up comedy. Ryan spent six years as a technical trainer, and he is passionate about life-long learning. Outside of work, Ryan enjoys practicing Brazilian Jiu Jitsu and rock climbing in addition to spending time with his wife and daughter.
Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur... more