Managing Splunk Enterprise Security Data and Dashboards
Splunk Enterprise Security is a premium application used within the Splunk deployment to help with SOC operations. This course will teach you how to manage your data, and how to manage the dashboards and features that use the data.
Splunk Enterprise Security (ES) solves many problems within our SOCs, including efficient operations. In this course, Managing Splunk Enterprise Security Data and Dashboards, you’ll learn how to make data usable for Splunk Enterprise Security and see how it can add to the function and uses of dashboards and features within the application. First, you’ll learn about data ingestion and work through examples of taking data and making it CIM-compatible for use with specific dashboards and features. Next, you’ll discover how to manage the dashboards that are available to you and how to modify them and the data to correspond to each other. Finally, you’ll learn how to configure and use features like the glass tables, forensics and investigation dashboards, and others. When you’re finished with this course, you’ll have the skills and knowledge of Splunk Enterprise Security needed to start ingesting data and administering it appropriately.
Author Name: Joe Abraham
Author Description:
Joe Abraham, CCIE #62417, is a Cybersecurity Architect working in the public sector space, helping customers develop and implement functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications, including CCIE, CISSP, GSEC, and CCNP Security. Joe is a mentor to IT professionals and a blogger who spends his time either with his wife and three child…
Table of Contents
- Course Overview (2mins)
- Configuring Data Inputs for Splunk Enterprise Security (34mins)
- Examining Security Posture and Metrics (24mins)
- Managing the Incident Review Dashboard (22mins)
- Exploring Additional Dashboards and Features (31mins)
- Managing Investigations in Splunk Enterprise Security (24mins)