Tuning and Creating Correlation Searches in Splunk Enterprise Security

Learn to plan, design, develop, tune, and deploy correlation searches in Splunk Enterprise Security v6. Understand and manage ES-specific lookups as well as setting up the Asset and Identity framework for data enrichment and helping investigations.
Course info
Rating
(15)
Level
Intermediate
Updated
Feb 6, 2020
Duration
2h 43m
Table of contents
Course Overview
The Anatomy and Functions of Correlation Searches
Tuning Correlation Searches
Creating Correlation Searches
Importing and Exporting Correlation Searches
Implementing ES-specific Lookups and Managing Identities
Summary
Description

Splunk Enterprise Security uses correlation searches to provide visibility into security-related threats and vulnerabilities, and generates notable events to track identified threats. In this course, Tuning and Creating Correlation Searches in Splunk Enterprise Security, you will gain the ability to create and tune correlation searches in Splunk Enterprise Security. First, you will learn how to tune and customize the correlation searches that ship with Splunk Enterprise Security, as well as how to plan, create, and deploy custom correlation searches specific to your environment. Next, you will discover ES-specific lookups and learn how to create and customize them. Finally, you will explore how to set up and manage assets and identities in Splunk ES for data enrichment purposes. When you are finished with this course, you will have the skills and knowledge of tuning and creating correlation searches needed to administer the incident management and asset and identity frameworks of Splunk Enterprise Security.

About the author

Muhammad Awan is a Senior Splunk Admin working in the public sector. He has been associated with Splunk and data science related technologies for a decade. He is a Splunk Certified Admin and Splunk Certified Power User, a Microsoft Certified Solutions Expert, and a Microsoft Certified Solutions Associate (Office 365) and MCSA (Messaging).

Section Introduction Transcripts

Course Overview
[Autogenerated] Hi, everyone. My name is Muhammad Awan, and welcome to Tuning and Creating Correlation Searches in Splunk Enterprise Security. I'm currently employed as a Splunk technical lead in a large public sector organization, where my duty is to maintain and manage Splunk, Splunk Enterprise Security, and Splunk ITSI. I've been working on Splunk and other technologies related to data science for the last seven years or so, with a networks and security background. Thousands of organizations around the globe are using Splunk Enterprise Security as their security information and event management technology for security monitoring, advanced threat defense, incident investigation, incident response, and heaps of other security analytics and operational intelligence use cases. To orchestrate all these sensitive tasks in Enterprise Security, Splunk uses correlation searches as part of the five frameworks comprising the Enterprise Security app. Correlation searches belong to the incident management framework, which sits at the core, and the other frameworks then complement it. This course is part of the Splunk Enterprise Security Admin certification track. However, it's not just created with the aim of passing the certification exam. Rather, it tries to cover each and every aspect of tuning, creating, managing, and deploying correlation searches, as well as understanding and setting up the asset and identity information that enriches existing data with useful metadata for users, systems, and other entities in our environment. As a prerequisite to this course, it is assumed that you have some prior knowledge of Splunk administration, the Search Processing Language, and Splunk knowledge objects like lookups, data models, and saved searches. A major part of this course consists of demos and hands-on exercises.
For this purpose, you'll be provided a custom app that will generate sample data for you to consume while tuning and creating correlation searches and setting up the asset and identity framework. We'll start with the existing correlation searches that ship with Splunk Enterprise Security. We'll understand the anatomy of a correlation search and discuss each of its components in detail. We'll see how we can customize a search for our environment according to the requirements. We'll also understand how we can enrich the data with custom fields while creating correlation searches. Starting right from scratch, we'll define a use case and plan, develop, tune, and deploy a correlation search in a step-by-step manner through various templates. We'll then see how Splunk manages identities and enriches data with asset and identity information. We'll go through different techniques to add data to the asset and identity management system, including static and dynamic methods, as well as pulling data from domain controllers using LDAP queries. Along with all this, we'll visit and explore different dashboards that utilize the information we'll generate or that help us add or manage information: for instance, Security Posture, Incident Review, Risk Analysis, Incident Review Settings, Asset and Identity Centers, Asset and Identity Investigators, and many more. So let's dive in together and learn all about correlation searches in Splunk Enterprise Security.