Splunk Enterprise Security (ES)
- Level: Advanced
- Track: Blue Team
- 9 lessons

About this course

Who is this course recommended for?
- SOC analysts
- Network and infrastructure security engineers
- Cyber security analysts
- Cyber security consultants
- Digital Forensic specialists
- Cyber threat hunting specialists

What prior knowledge do I need to attend this course?
- Familiarity with cyber attack concepts
- Familiarity with the concepts and terminology of event and log analysis
- Familiarity with Splunk Enterprise

Course outline
- Getting Started with ES
  - Describe the features and capabilities of Splunk Enterprise Security (ES)
  - Explain how ES helps security practitioners prevent, detect, and respond to threats
  - Describe correlation searches, data models, and notable events
  - Describe user roles in ES
- Security Monitoring and Incident Investigation
  - Use the Security Posture dashboard to monitor ES status
  - Use the Incident Review dashboard to investigate notable events
  - Take ownership of an incident and move it through the investigation workflow
  - Create notable events
  - Suppress notable events
- Risk-Based Alerting
  - Give an overview of Risk-Based Alerting
  - View Risk Notables and risk information on the Incident Review dashboard
  - Explain risk scores and how to change an object’s risk score
  - Review the Risk Analysis dashboard
  - Describe annotations
  - Describe the process for retrieving LDAP data for an asset or identity lookup
- Investigations
  - Use investigations to manage incident response activity
  - Use the Investigation Workbench to manage, visualize and coordinate incident investigations
  - Add various items to investigations (notes, action history, collaborators, events, assets, identities, files and URLs)
  - Use investigation timelines, lists and summaries to document and review breach analysis and mitigation efforts
- Using Security Domain Dashboards
  - Use ES to inspect events containing information relevant to active or past incident investigations
  - Identify security domains in ES
  - Use ES security domain dashboards
  - Launch security domain dashboards from Incident Review and from action menus in search results
- Web Intelligence
  - Use the web intelligence dashboards to analyze your network environment
  - Filter and highlight events
- User Intelligence
  - Evaluate the level of insider threat with the user activity and access anomaly dashboards
  - Understand asset and identity concepts
  - Use the Asset and Identity Investigators to analyze events
  - Use the session center for identity resolution
- Threat Intelligence
  - Give an overview of the Threat Intelligence framework and how threat intel is configured in ES
  - Use the Threat Activity dashboard to see which threat sources are interacting with your environment
  - Use the Threat Artifacts dashboard to examine the status of threat intelligence information in your environment
- Protocol Intelligence
  - Explain how network data is input into Splunk events
  - Describe stream events
  - Give an overview of the Protocol Intelligence dashboards and how they can be used to analyze network data
Course certificate
