English | Size: 4.38 GB
Genre: eLearning
Great analysts understand how to manipulate data to find what they’re looking for.
Whether you’re a SOC analyst trying to prove an alert is a false positive, a responder looking for indications of lateral movement, a threat intel analyst trying to identify patterns among attacker behavior, or a threat hunter looking for something your intrusion detection tools missed… you have to understand how to use your tools effectively to achieve your goal. That’s where Splunk comes in.
Splunk is a data analysis platform that allows security practitioners to centralize data, search through it, correlate events, and create security analytics and dashboards.
It’s also the most popular commercial SIEM used by security teams to perform investigations and threat hunting.
But learning to use Splunk effectively is challenging. It’s a complex tool with a lot of features and multiple paths to achieve similar goals. Not only that, but the documentation is written for a more general audience and does not address many of the use cases common to cyber security.
I always thought there needed to be a way to help security analysts learn to use Splunk effectively from the ground up and get answers to the most common questions they’ll encounter. Now, I’m excited to offer a no-nonsense online course that does just that and is built for security analysts who want to learn Splunk… by security analysts who use Splunk every day.
Splunk for Security Analysts will teach you how to use Splunk to onboard data, extract meaningful fields, and search through it using real security data to conduct security research and investigations. This course goes beyond the documentation to provide a diverse set of real-world security data that you’ll use to gain confidence with Splunk’s extensive capabilities.
You’ll learn…
The Splunk Data Pipeline
The components of a Splunk environment
How data travels through Splunk
Locations of Splunk configuration files, what they do, and their precedence
Where to find and install apps
Data Onboarding
Creating indexes for storing data
Installing and configuring Universal Forwarders to ship logs to Splunk
Onboarding security evidence sources such as Windows Event Logs, Linux OS logs, Apache Web Server logs, CSV files, and more
Techniques for reliably onboarding custom data sources
How to extract important fields from data streams
Finding and Exploring Data
Understand different search modes for data matching
Organize search results with the FIELDS, TABLE, and SORT commands
Find uncommon values with the TOP and RARE commands
Create new fields using the EVAL and REX commands
Create calculations using the STATS, EVENTSTATS, and STREAMSTATS commands
Display results in graphs with the CHART and TIMECHART commands
Optimize Splunk queries for maximum performance
Enrichment and Advanced Filtering
Enrich data with lookups from internal and external sources
Perform searches within searches (subsearches)
Sharing, Scheduling, and Alerting
Save searches and share results with other analysts
Create ad-hoc and scheduled reports from queries
Create alerts from queries
Visualization and Dashboards
Build static dashboards to display query results and charts
Build dynamic dashboards with options for changing the search time range and inputs
Create custom drilldowns for pivoting from search results
Explore Dashboard Studio to quickly create new dashboards visually
Throughout the course, you’ll also work through real-world security scenarios, including:
Identifying look-alike domains used for phishing
Finding the first time a user logged into each system on the network
Identifying password guessing attempts with failed logons
Finding HTTP connections to a web server’s IP addresses rather than its domain name
Identifying high network bandwidth consumption from a baseline
Searching multiple data sources for common indicators
… and many more!
For each of these concepts, I’ll describe how the Splunk feature works and demonstrate it using data you’re likely to encounter in security operation centers and incident response scenarios. As the course moves forward, we’ll build on each of the techniques I demonstrate so that you can practice what you’re learning and retain it. You’ll be able to apply these skills to your own environment immediately.
If you want to learn how to use Splunk to centralize security data, find answers to investigative questions, correlate security events, and hunt down threats… Splunk for Security Analysts is the course you’re looking for.
rapidgator.net/file/77e10eed6356d91c0d776a4c771c01f0/Splunk-for-Security-Analysts.part1.rar.html
rapidgator.net/file/192d153ce09f66a85736d444bff14036/Splunk-for-Security-Analysts.part2.rar.html
rapidgator.net/file/59153e6cfe9b8309e8c5f2c6030cc435/Splunk-for-Security-Analysts.part3.rar.html
rapidgator.net/file/2e4faa70ceff710107b5176c819780cb/Splunk-for-Security-Analysts.part4.rar.html
rapidgator.net/file/cd927b8a01ed7e2ce9a8e778fb9f7789/Splunk-for-Security-Analysts.part5.rar.html
trbbt.net/ixegsey4ni57/Splunk-for-Security-Analysts.part1.rar.html
trbbt.net/ghsjmriicig4/Splunk-for-Security-Analysts.part2.rar.html
trbbt.net/ry21m2bb3de9/Splunk-for-Security-Analysts.part3.rar.html
trbbt.net/tt08v840q9c0/Splunk-for-Security-Analysts.part4.rar.html
trbbt.net/m684yz0ncjh7/Splunk-for-Security-Analysts.part5.rar.html
If any links die or there is a problem unpacking the RAR archive, send a request to
forms.gle/e557HbjJ5vatekDV9