  • Learning Path
  • Libraries: This path is only available in the libraries listed. To access this path, purchase a license for the corresponding library.
  • Security

Splunk Enterprise Security Administration

6 Courses
11 Hours
Skill IQ

A Splunk Enterprise Security (ES) Admin manages a Splunk Enterprise Security environment, including ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customizations.

This skill demonstrates an individual's ability to install, configure, and manage a Splunk Enterprise Security deployment.

Content in this path

Intermediate

In this section, you will learn to configure and manage Splunk ES dashboards. Next, you will learn how to tune and create correlation searches in Splunk ES. Last, you will learn how to configure threat intelligence in Splunk ES.

What You'll Learn
  • Review of the features and concepts of Splunk Enterprise Security
  • Configure Splunk ES dashboards to reveal insights, monitor, and investigate
  • Manage Splunk Enterprise Security dashboards
  • Deploy Splunk Enterprise Security to your SOC environment
  • Install and Configure Splunk Enterprise Security
  • Customize Splunk Enterprise Security data
  • Create custom add-ons to enhance visibility
  • Tune correlation searches for use in Splunk Enterprise Security
  • Create correlation searches for use in Splunk ES
  • Add context to data using lookups and identities
  • Deploy Splunk ES security intelligence tools
  • Use the Splunk threat intelligence framework
Prerequisites
  • Knowledge of basic networking concepts (CompTIA Network+)
  • Knowledge of the fundamental information security concepts (CompTIA Security+)
  • Knowledge and skill of security event triage
  • Knowledge and skill of incident response and handling
  • Basic competence in using Splunk Enterprise
Related topics
  • security event triage
  • incident detection and response
  • SIEM solutions
  • incident investigation
  • security operations
  • splunk fundamentals