Detailed Course Outline
Introduction
- The CyberSecurity Defense Analyst
- CIM, Data Models and Correlation Refresh
- Lab 1: Introducing the environment
 
Splunk Enterprise Security (ES) for Analysts
- What is SIEM again?
- Asset & Identity Framework
- Threat Intelligence Framework
- Notable Event Framework
- Adaptive Response Framework
- Incident Investigation Management in Splunk ES
- Lab 2: Pick up an Investigation
 
Risk Analysis Framework
- Overview
- Lab 3: Continue your investigation with RBA
 
Working with Splunk SOAR
- Introducing Splunk SOAR
- Lab 4: Splunk SOAR practice
 
Threat Hunting with PEAK
- PEAK Overview
- Lab 5: Threat Hunting Hands-on
 
Challenge Lab
- Lab 6: Run your own investigation