Splunk Administration Fundamentals

Course description:

Splunk Admin course teaches you how to search and navigate in Splunk to create reports and dashboards, both using Splunk’s searching and reporting commands and using the product’s interactive Pivot tool. Also focusing on more advanced searching and reporting commands as well as on the creation of knowledge objects.
Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models.
It also covers Splunk Enterprise Security’s event processing and normalization, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration.
Hands-on labs challenges will enable you to create robust searches, reports, and charts, and you will explore some security use cases like threat hunting and malware analysis.

Target audience:

• DevOps engineers
• Linux system administrators
• Systems design engineers
• Architects

Prerequisites for Splunk Administration Fundamentals:

There are no prerequisites for this course.

Nice to have:

Basic Linux command line experience

Course module structure

Module 1: Introduction to Splunk
– Machine Data
– What is Splunk
– Splunk Components

Module 2: Installing Splunk and install forwarders
– Splunk Installation
– Splunk component installation
– Forwarder Types
– Installing Universal Forwarder
Hands-on Lab:
– Installing Splunk
– Installing and configuring Forwarders

Module 3: Splunk User interface
– Using Splunk Web Admin
– Users and Roles
– What are Apps?
– Navigating through UI
– Home App
– Search & Reporting App
Hands-on Lab: Splunk Interface

Module 4: Get data into Splunk/HEC
– Identify the input types
– Uploading data using Splunk Web
– Using the Monitor option
Hands-on Lab: Get data into Splunk

Module 5: SPL
– Search Language Syntax
– Search Language Syntax Components
– The Search Pipeline
– Syntax Coloring
– Creating a table
– Using fields, dedup, sort commands in searches
– Regex in your SPL
– Using Regex for Pattern Matching
Hands-on Lab: SPL basic searching

Module 6: Search and report
– Run basic searches
– Use autocomplete to help build a search
– Identify the contents of search results
– Refine searches
– Control a search job
– Save search results
– Creating Reports
Hands-on Lab: Search and report

Module 7: Dashboards and reports
– Tables and Visualizations
– Create Dashboards
Hands-on Lab: Dashboards and visualizations

Module 8: Building an operational intelligence app using all knowledge
– Splunkbase
– Create an App
– Building an Operational Intelligence App
Hands-on Lab: Build osp application

Module 9: Creating alerts
– Creating Alerts
– Adding Triggers
– Editing Alerts
– Setting Alerts permissions
Hands-on Lab: Creating alerts for osp app

Module 10: Datasets and pivoting
– Visualize Dataset with Pivot
– iltered Pivot
– Instant Pivot
– Adding Pivot to a Dashboard
Hands-on Lab: Pivoting

Module 11: Splunk Security
– Splunk Security Portfolio
– What is Enterprise Security?
– Incident Review Interface
– Asset and Identity Framework
– Risk Analysis Framework
– Threat Intelligence Framework
– Adaptive Response Framework
– Compliance, Security Monitoring
– Advanced Threat Detection
– Incident Investigation, Incident Response
– SOC Automation

Module 12: Analyzing APT Use case
Hands-on Lab: Your company has been targeted by an APT group and you have to investigate the attack and evaluate the damage.

Module 13: Analyzing Ransomware Use case
Hands-on Lab: Investigating a ransomware case in your company.