Description
Splunk for Security Analytics and Monitoring Course + PDF Guides
Course details
Splunk offers IT technicians a single-pane inventory, performance and security monitoring interface for on-premises and cloud-based devices, servers, apps and services. In this course, learn how to plan the deployment and management of a Splunk ecosystem to provide a centralized way to monitor the performance and security of on-premises and cloud-based IT devices and software services.
Instructor Daniel Lachance shows you how to deploy Splunk servers on-premises and in the cloud, followed by configuring a variety of data sources, such as Microsoft Active Directory and Linux log files, to forward their events to a Splunk indexer. Then, work with the Splunk web GUI, perform queries, manage dashboards, reports and alerts, and learn how to use playbooks to automate event workflows.
Skills you’ll gain
- Security Monitoring
- Splunk
Contents
Introduction
Splunk explained
What you should know
1. The Splunk Ecosystem
SIEM and SOAR overview
Splunk overview
Splunk components
Splunk data ingestion
2. Deploying Splunk
Splunk deployment planning
Installing Splunk on Linux
Installing Splunk on Windows
Splunk users and roles
Using the Splunk web GUI
Using the Splunk CLI
3. Splunk and the Cloud
Deploying the AWS Splunk AMI
Deploying Splunk Cloud
4. Splunk Data Ingestion
Forwarding Linux logs to Splunk
Forwarding Windows log events to Splunk
Monitoring Windows files
Monitoring Windows printers
Configuring Snort IDS alerts for Splunk
Configuring an HTTP Event Collector (HEC)
Forwarding Microsoft AD events to Splunk Cloud
5. Splunk Insights
Splunk searching overview
Performing Splunk queries
Working with Splunk dashboards and reports
Managing Splunk alerts
Conclusion
What’s next?