Tuning and Creating Correlation Searches in Splunk Enterprise Security

Course Overview
[Autogenerated] Hi, everyone. My name is Mohammed Awan and welcome to Michael's Tuning and creating Correlation surges in Splunk enterprise security. I'm currently employed as plant technical lead in a large public sector organization. From my duty is to maintain and manage Splunk Splunk Enterprise Security and Splunk ideas. I. I've been working on Splunk and other technologies related to the other signs for last seven years or so With the networks and security background. Thousands of organizations around the globe are using Splunk enterprise security as their security information and event management technology for security monitoring, Advanced Threat Defense Incident investigation, incident response and heaps off other security analytics and operational intelligence use cases To orchestrate all these sensitive tasks in enterprise security, EPPS plank uses correlation surges as the two out off the five frameworks comprising the enterprise security app. Correlation searches belonged to incident management framework that sits at the core and other frameworks, then complimented. This course is part of the Splunk Enterprise Security Admin certification track. However, it's not just created with the aim of passing the certification exam. Rather, it tries to cover each and every aspect off tuning, creating, managing and deploying correlation searches as well as understanding and setting up the asset and identity information that enriches existing debt are with useful metadata for user's systems and other entities in our environment. As a prerequisite to this course, it is assumed that you have some prior knowledge off Splunk administration search processing language, its planks, knowledge objects like look ups and data models and save surges. A major part of this ghost consists of demos and hands on exercises. For this purpose, you'll be provided a customer that will generate sample data for you to consume while tuning and creating correlation searches and setting up the asset and identity framework will start with existing correlation searches. There. Chip with Splunk Enterprise Security will understand the anatomy off a correlation search and discuss each of its components in detail. We'll see how we can customize a search for our environment according to the requirements. Will also understand how we can enrich the data with custom fields while creating correlation searches. Starting right from the scratch will define a use case and plan developed, tune and deploy. A coalition search in a step by step manner through various temples, will then see House Blank manages identities and enriches that with S it and identity information. We'll go through different techniques to air data. Tow the asset and identity management system, including static and dynamic methods, as well as pulling data from the demand. Controllers using elder queries along with all this will visit and explore different dashboards that utilize the information will generate or help us add or manage information. For instance, security Poster incident Review, risk analysis, incident review settings, asset and identity centers, asset and identity investigators and many more. So let's dive in together and learn all about coalition surges in Splunk enterprise security.