Special offers now — see discounted courses.
day
:
hour
:
min
:
sec
See special offers
SIEM: Event Management with Splunk Security

SIEM: Event Management with Splunk Security

52mIntermediate2023-09-25

Authors

Nato Riley

Nato Riley

Course details

Security information and event management (SIEM) helps companies identify risks and threats. Security events are inevitable situations that companies face as they grow, and companies need to be ready with a plan to dramatically reduce the impact of security risks and threats.

In this course, Nato Riley shows you how to master event management with Splunk so you can feel more prepared for security events than ever before. Nato provides you with essential knowledge and principles on how to set achievable security management goals, initiate effective incident discovery processes, and create valuable security reporting. Learn how to handle threats, including ransomware incidents and compromised infrastructure, and make actionable recommendations to improve security outcomes. Join Nato in this course to gain a deeper understanding of how to exert greater control over security outcomes, regardless of the size of your organization.

Skills covered

SplunkIncident ResponseCybersecurityDeep Dive (X:Y)

Concepts

0. Introduction

  • 01 - Event management overview
  • 02 - Splunk's approach to security information and event management (SIEM)
  • 03 - Introduction to the Splunk Security Essentials app

1. Setting Security Goals

  • 04 - The power of a good goal
  • 05 - Prioritize your security goals
  • 06 - Create event management to delegate and collaborate
  • 07 - Plan a case management strategy
  • 08 - How to use regex for custom event filtering
  • 09 - How to use GRC as a starting point

2. The Security Information Discovery Process

  • 10 - What is a discovery process
  • 11 - How to apply the scientific method to build classifications
  • 12 - How to set a hypothesis and run an experiment
  • 13 - How to use regex for custom event filtering

3. Build and Report

  • 14 - Implementing successful development tests into production
  • 15 - Report and alarm scheduling
  • 16 - Using MITRE ATT&CK and Cyber Kill Chain frameworks

4. Auto-Remediate and Advise Action

  • 17 - Determining which events can be automated
  • 18 - Incident response, disaster recovery, and executing case management strategies
  • 19 - Root cause analysis and why it matters
  • 20 - Managing critical events
  • 21 - Real-world use cases

Conclusion

  • 22 - Putting it all together
  • 23 - Test detections

Related courses

Related learn paths

About us

LyndaKade is a leading learning platform that helps people learn business, software, technology, and creative skills to achieve personal and professional goals.

Phone numberAparat ChannelTelegram SupportTelegram ChannelInstagram Page

All rights to this site belong to LyndaKade.

Terms of Service|Privacy Policy

نماد الکترونیک enamad در صورت اتصال با آی‌پی داخل کشور، نمایش داده خواهد شد.
logo-samandehi - لوگو ساماندهی
zarinpal
zibal