Simple play icon Course

Tuning and Creating Correlation Searches in Splunk Enterprise Security

by Muhammad Awan

Learn to plan, design, develop, tune, and deploy correlation searches in Splunk Enterprise Security v6. Understand and manage ES-specific lookups as well as setting up the Asset and Identity framework for data enrichment and helping investigations.

What you'll learn

Splunk Enterprise Security uses correlation searches to provide visibility into security-related threats and vulnerabilities, and generates notable events to track identified threats. In this course, Tuning and Creating Correlation Searches in Splunk Enterprise Security, you will gain the ability to create and tune correlation searches in Splunk Enterprise Security. First, you will learn how to tune and customize available correlation searches in Splunk Enterprise Security as well as plan, create, and deploy custom correlation searches specific to your environment. Next, you will discover ES-specific lookups and learn how to create and customize them. Finally, you will explore how to setup and manage assets and identities in Splunk ES for data enrichment purposes. When you are finished with this course, you will have the skills and knowledge of tuning and creating correlation searches needed to administer the incident management, and assets and identity frameworks of Splunk Enterprise Security.

Table of contents

Course Overview

About the author

Muhammad Awan is a Senior Splunk Admin in working in Public Sector. Has been associated with Splunk and data science related technologies for a decade. Splunk Certified Admin and Splunk Certified Power User. Microsoft Certified Solutions Exert and Microsoft Certified Solutions Associate (Office 365) MCSA (Messaging). Experience with Networks and Security technologies. He has been mentoring and teaching at various universities as a visiting faculty in the past. Loves to acquire new skills and dis... more

Ready to upskill? Get started