Splunk Online Training

Splunk Overview

Splunk is an analytics tool. It's used as an SIEM tool by Security Analysts in SOC.
In SOC, our job is to monitor, detect, isolate security incidents to maintain CIA (Confidentiality, Integrity, Availability). We get millions of events for the bad things happening on tons of our systems in the network. It is very difficult to monitor and analyze huge amounts of data. So there should be a structured way to prosecute and correlate events. There comes the SIEM.
Splunk is an SIEM tool. It can index data, search, add knowledge to data, monitor & alert, and report & analyze.

3 main components in Splunk:

Indexer: processes machine data into human readable format
Search head: allows us to search indexed data
Forwarders: consume data from data sources and send to the indexer

Deployment server, Cluster master and License master are additional components.
Forwarder can consume data from any type of data source like syslog. Splunk also has Apps which contain pre built reports, dashboards etc. Configure data sources to Splunk and you can monitor all devices on one instance.

Course Topics

• Introduction to Splunk’s interface
• Basic searching
• Using fields in searches
• Search fundamentals
• Transforming commands
• Creating reports and dashboards
• Datasets
• The Common Information Model (CIM)
• Creating and using lookups
• Scheduled Reports
• Alerts
• Using Pivot

Course Objectives

Introduction

• How to Use the eLearning Interface
• Overview of Buttercup Games Inc.

What is Splunk?

• Splunk components
• Installing Splunk
• Getting data into Splunk
• Module 3 – Introduction to Splunk’s User Interface
• Understand the uses of Splunk
• Define Splunk Apps
• Customizing your user settings
• Learn basic navigation in Splunk

Basic Searching

• Run basic searches
• Use autocomplete to help build a search
• Set the time range of a search
• Identify the contents of search results
• Refine searches
• Use the timeline
• Work with events
• Control a search job
• Save search results

Using Fields in Searches

• Understand fields
• Use fields in searches
• Use the fields sidebar

Search Language Fundamentals

• Review basic search commands and general search
• practices
• Examine the search pipeline
• Specify indexes in searches
• Use autocomplete and syntax highlighting
• Use the following commands to perform searches:
  1. tables
  2. rename
  3. fields
  4. dedup
  5. sort

Using Basic Transforming Commands

• The top command
• The rare command
• The stats command

Creating Reports and Dashboards

• Save a search as a report
• Edit reports
• Create reports that include visualizations such as charts and tables
• Create a dashboard
• Add a report to a dashboard
• Edit a dashboard

Datasets and the Common Information Model

• Naming conventions
• What are datasets?
• What is the Common Information Model (CMI)?

Creating and Using Lookups

• Describe lookups
• Create a lookup file and create a lookup definition
• Configure an automatic lookup

Creating Scheduled Reports and Alerts

• Describe scheduled reports
• Configure scheduled reports
• Describe alerts
• Create alerts
• View fired alerts

Using Pivot

• Describe Pivot
• Understand the relationship between data models and pivot
• Select a data model object
• Create a pivot report
• Create an instant pivot from a search
• Add a pivot report to a dashboard

Attend Live Demo Today!!
Contact Now!!
USAONLINETRAINING.COM
CALL : +91 9160401016
MAIL : [email protected]

No. of Days:	30
Total Hours:	30
No. of Participants:	5