Administering Splunk Enterprise Security (ASES)
It covers ES event processing and normalization, deployment requirements, technology add-ons, dashboard dependencies, data models, managing risk, and customizing threat intelligence.
Retail Price: $1,500.00
Next Date: 07/10/2025
Course Days: 2
Enroll in Next Date
Request Custom Course
Course Objectives
- Examine how ES functions including data models, correlation searches, notable events, and dashboards
- Review risk-based alerting
- Customize the Investigation Workbench
- Learn how to install or upgrade ES
- Fine tune ES Global Settings
- Learn the steps to setting up inputs using technology add-ons
- Create custom correlation searches
- Customize assets and identities
- Configure threat intelligence
Who should attend
This 13.5-hour course prepares architects and systems administrators to install and configure Splunk Enterprise Security (ES).
Certifications
This course is part of the following Certifications:
- Splunk Enterprise Security Certified Admin
Prerequisites
To be successful, students should have a solid understanding of the following courses:
- Splunk Fundamentals 1 and 2
Outline: Administering Splunk Enterprise Security (ASES)
Module 1 – Introduction to ES
- Review how ES functions
- Understand how ES uses data models
- Configure ES roles and permissions
Module 2 – Security Monitoring
- Customize the Security Posture and Incident Review dashboards
- Create ad hoc notable events
- Create notable event suppressions
Module 3 – Risk-Based Alerting
- Give an overview of risk-based alerting
- View Risk Notables and risk information on the Incident Review dashboard
- Explain risk scores and how an ES admin can change an object's risk score
- Review the Risk Analysis dashboard
- Describe annotations
Module 4 – Incident Investigation
- Review the Investigations dashboard
- Customize the Investigation Workbench
- Manage investigations
Module 5 – Installation
- Prepare a Splunk environment for installation
- Download and install ES on a search head
- Test a new install
- Post-install configuration tasks
Module 6 – Initial Configuration
- Set general configuration options
- Add external integrations
- Configure local domain information
- Customize navigation
- Configure Key Indicator searches
Module 7 – Validating ES Data
- Verify data is correctly configured for use in ES
- Validate normalization configurations
- Install additional add-ons
Module 8 – Custom Add-ons
- Design a new add-on for custom data
- Use the Add-on Builder to build a new add-on
Module 9 – Tuning Correlation Searches
- Configure correlation search scheduling and sensitivity
- Tune ES correlation searches
Module 10 – Creating Correlation Searches
- Create a custom correlation search
- Manage adaptive responses
- Export/import content
Module 11 – Asset & Identity Management
- Review the Asset and Identity Management interface
- Describe Asset and Identity KV Store collections
- Configure and add asset and identity lookups to the interface
- Configure settings and fields for asset and identity lookups
- Explain the asset and identity merge process
- Describe the process for retrieving LDAP data for an asset or identity lookup
Module 12 – Threat Intelligence Framework
- Understand and configure threat intelligence
- Use the Threat Intelligence Management interface to configure a new threat list
| Course Dates | Course Times (EST) | Delivery Mode | GTR | |
|---|---|---|---|---|
| 7/10/2025 - 7/11/2025 | 9:00 AM - 5:00 PM | Virtual |
|
Enroll |