Tuning and Creating Correlation Searches in Splunk Enterprise Security
Course info
Description
Splunk Enterprise Security uses correlation searches to provide visibility into security-related threats and vulnerabilities, and generates notable events to track identified threats. In this course, Tuning and Creating Correlation Searches in Splunk Enterprise Security, you will gain the ability to create and tune correlation searches in Splunk Enterprise Security. First, you will learn how to tune and customize the correlation searches that ship with Splunk Enterprise Security, as well as how to plan, create, and deploy custom correlation searches specific to your environment. Next, you will discover ES-specific lookups and learn how to create and customize them. Finally, you will explore how to set up and manage assets and identities in Splunk ES for data enrichment purposes. When you are finished with this course, you will have the skills and knowledge of tuning and creating correlation searches needed to administer the incident management and asset and identity frameworks of Splunk Enterprise Security.
Section Introduction Transcripts
Course Overview
[Autogenerated] Hi, everyone. My name is Mohammed Awan, and welcome to Tuning and Creating Correlation Searches in Splunk Enterprise Security. I'm currently employed as a Splunk technical lead in a large public sector organization, where my duty is to maintain and manage Splunk, Splunk Enterprise Security, and Splunk ideas. I've been working on Splunk and other related technologies for the last seven years or so, with a networks and security background. Thousands of organizations around the globe are using Splunk Enterprise Security as their security information and event management technology for security monitoring, advanced threat defense, incident investigation, incident response, and heaps of other security analytics and operational intelligence use cases. To orchestrate all these sensitive tasks in Enterprise Security, Splunk uses correlation searches. Out of the five frameworks comprising the Enterprise Security app, correlation searches belong to the incident management framework, which sits at the core, and the other frameworks complement it. This course is part of the Splunk Enterprise Security Admin certification track. However, it's not just created with the aim of passing the certification exam. Rather, it tries to cover each and every aspect of tuning, creating, managing, and deploying correlation searches, as well as understanding and setting up the asset and identity information that enriches existing data with useful metadata for users, systems, and other entities in our environment. As a prerequisite to this course, it is assumed that you have some prior knowledge of Splunk administration, Search Processing Language, and Splunk's knowledge objects like lookups, data models, and saved searches. A major part of this course consists of demos and hands-on exercises.
For this purpose, you'll be provided a custom app that will generate sample data for you to consume while tuning and creating correlation searches and setting up the asset and identity framework. We'll start with existing correlation searches that ship with Splunk Enterprise Security. We'll understand the anatomy of a correlation search and discuss each of its components in detail. We'll see how we can customize a search for our environment according to the requirements. We'll also understand how we can enrich the data with custom fields while creating correlation searches. Starting right from scratch, we'll define a use case and plan, develop, tune, and deploy a correlation search in a step-by-step manner through various demos. We'll then see how Splunk manages identities and enriches data with asset and identity information. We'll go through different techniques to add data to the asset and identity management system, including static and dynamic methods, as well as pulling data from the domain controllers using LDAP queries. Along with all this, we'll visit and explore different dashboards that utilize the information we'll generate or help us add or manage information, for instance Security Posture, Incident Review, Risk Analysis, Incident Review Settings, Asset and Identity Centers, Asset and Identity Investigators, and many more. So let's dive in together and learn all about correlation searches in Splunk Enterprise Security.