In this course, Streamlining Your Incident Response Process with Splunk, Ryan Chapman and Aaron Rosenmund discuss how Splunk can help streamline your incident response (IR) process. Learn the benefits and importance of log aggregation, why Splunk is the best tool for the job, and how Splunk works and which logs you’ll need. By the end of this course, you’ll have a solid understanding of the true benefits Splunk brings to the IR realm.
Ryan is a certified incident response analyst and reverse engineer who also wears the hats of forensic analyst and developer. He enjoys speaking at conferences and performing stand-up comedy. Ryan spent six years as a technical trainer, and he is passionate about life-long learning.
Course Overview Hello everyone. I'm Aaron Rosenmund, a full-time cyber security author for Pluralsight focused on security operations in incident response, and a part-time member of the Florida Air National Guard where I focus on the development and implementation of defensive cyber operations. Working as a cyber security operator, nothing is more important than the tools that work and save you time. Splunk can provide the capability to interrogate host information and correlate them with the wide variety already in place monitoring alerts and skill. I've teamed up with a fellow author and Splunk enthusiast, Ryan Chapman, to cover the aspects of Splunk that make it such a great solution for incident response. Oh Aaron, enthusiast might be a bit of an understatement. Hi folks, my name is Ryan Chapman, and I'm an incident response analyst. I'm a certified incident handler and a reverse engineer of malware, but I also spend quite a bit of time performing host- based and network-based forensic examinations. I'm a huge proponent of Splunk, which has led to me becoming certified as both a Splunk power user and a Splunk administrator. Not only do I love Splunk, but I love to run my mouth, which has led to me presenting at five different Splunk conferences to date. As you can probably already tell, I'm very excited to have the opportunity here to champion Splunk in this course. We are going to cover what makes Splunk stand out as a widely adopted SIEM, a use case for log collection, how the Splunk architecture functions at scale, and what sources need to be included to make it useful for incident response. Then we'll have Ryan walk us through the incident response process using Splunk to prosecute a live alert. This course will interest you if you work within an incident response environment and would like to drastically reduce the time it takes to respond to incidents. As long as you have a background in incident response, such as being familiar with how to field an alert within a SIEM, you're going to be good to go. By the end of this course, you will be familiar with the benefits of Splunk, the layout of general Splunk deployment architecture, the key logs you should be looking to ingest into Splunk, and the feel for incident response as conducted with Splunk in your toolset. I hope you will join us for this Play by Play on streamlining your incident response with Splunk, on Pluralsight.