Splunk

Course overview

This is an Intellipaat master's program in the Splunk tool that includes Splunk developer and Splunk administration training. As part of this Splunk course, you will work on searching, sharing and saving Splunk results, creating tags, generating reports and charts, installing and configuring Splunk, and monitoring, scaling and indexing large volumes of searches and analyzing them using the Splunk tool.

Course Duration

5 Days

Cost

Audience

  • Software Developers and System Administrators
  • Search Analysts, Database Experts and Administrators

Prerequisites

  • Knowledge of Data Analytics concepts is beneficial.

Course Content

Module 1: Introduction to Splunk

  • Splunk Overview

Module 2: Indexing and Data Retention

  • Overview of Indexers and Indexes
  • Understanding Index Buckets and Data Ageing
  • Retention and archiving policy
  • Basic Cluster


Module 3: Search Head Overview

  • Overview of Splunk Search head and configuration
  • Distributed Search
  • Overview of Search head clustering


Module 4: Basic Searching

  • Basic Overview of Splunk Search
  • SPL Language
  • Create Simple Dashboards
  • Setting up Alerts and Reports
  • Common Search Commands
  • Troubleshooting Steps

Module 5: Splunk Fundamentals

  • Splunk knowledge objects Overview
  • Classify and group events
  • Define and Maintain Event types
  • Tags creation
  • Field extractions
  • Field Extractor
  • Search-time field extractions
  • Overview of Lookups
  • Configuring and customizing Lookups
  • Splunk CIM Overview and its correlation

Module 6: Searching and Reporting

  • Types of searches
  • Creating statistical tables and charts
  • Grouping and correlating events
  • Common search commands
  • Best practices in optimizing search
  • Functions for eval and stats command
  • Application of the following search commands by category
  • Correlation
  • Anomaly Detection
  • Reporting
  • Geographic
  • Prediction and Trending
  • Search and Sub-search commands
  • Using Sub-searches
  • Time commands
  • Formats for converting strings into time-stamps
  • Understanding SPL syntax
  • Usage of Keywords and Boolean operators
  • Combining Searches

Module 7: Alerts

  • Alerts Overview
  • Types of Alerts
  • Setup Alert actions
  • Scheduled Alert
  • Real-time Alert
  • Alert examples
  • Troubleshooting Steps

Module 8: Reporting

  • Reporting Overview
  • Create and Edit Reports
  • Setup Scheduled Reports
  • Customize Report Formats
  • Report examples
  • Troubleshooting Steps

Module 9: Administering Splunk Enterprise

  • Identify Splunk components
  • Identify Splunk system administrator role
  • Identify license types
  • Describe license violations
  • Add and remove licenses
  • Describe Splunk apps and add-ons
  • Describe index structure
  • List types of index buckets
  • Describe user roles in Splunk
  • Create a custom role
  • Add Splunk user
  • Describe how distributed search works
  • Explain the roles of the search head and search peer

Module 10: Splunk Enterprise Security – Overview

  • Getting Started with ES
  • Security monitoring and Incident investigation
  • Forensic Investigation with ES
  • Risk and Network Analysis
  • Security Posture
  • Incident Review
  • Notable events management
  • Tune ES correlation searches
  • Create a custom correlation search
  • Configuring adaptive responses

Module 11: Splunk for Analytics and Data Science

  • Define terms related to analytics and data science
  • Describe the framework for multi-departmental analytics projects
  • Identify analytics project best practices
  • Identify common use cases
  • Define some concepts and terms associated with machine learning
  • Describe the machine learning workflow
  • Use Machine Learning Toolkit Showcases and Assistants
  • Use Machine Learning Toolkit commands and features
  • Define anomaly detection
  • Identify anomaly detection use cases
  • Describe Splunk anomaly detection solution

Module 12: Miscellaneous

  • Walk-through over Splunk Apps
  • Basic Understanding of Splunk App creation
  • Introduction to Phantom
  • Describe how apps and assets work in Phantom
  • Add and configure new apps
  • Configure assets
  • Introduction to UBA
  • UBA interface tour
  • Responding to threats
  • Triaging false positives
  • Introduction to ITSI
  • Describe reasons for using ITSI
  • Examine the ITSI user interface
