SIEM: Event Management with Splunk Security
52mIntermediate2023-09-25
Authors

Nato Riley
Course details
Security information and event management (SIEM) helps companies identify risks and threats. Security events are inevitable situations that companies face as they grow, and companies need to be ready with a plan to dramatically reduce the impact of security risks and threats.
In this course, Nato Riley shows you how to master event management with Splunk so you can feel more prepared for security events than ever before. Nato provides you with essential knowledge and principles on how to set achievable security management goals, initiate effective incident discovery processes, and create valuable security reporting. Learn how to handle threats, including ransomware incidents and compromised infrastructure, and make actionable recommendations to improve security outcomes. Join Nato in this course to gain a deeper understanding of how to exert greater control over security outcomes, regardless of the size of your organization.
In this course, Nato Riley shows you how to master event management with Splunk so you can feel more prepared for security events than ever before. Nato provides you with essential knowledge and principles on how to set achievable security management goals, initiate effective incident discovery processes, and create valuable security reporting. Learn how to handle threats, including ransomware incidents and compromised infrastructure, and make actionable recommendations to improve security outcomes. Join Nato in this course to gain a deeper understanding of how to exert greater control over security outcomes, regardless of the size of your organization.
Skills covered
SplunkIncident ResponseCybersecurityDeep Dive (X:Y)
Concepts
0. Introduction
- 01 - Event management overview
- 02 - Splunk's approach to security information and event management (SIEM)
- 03 - Introduction to the Splunk Security Essentials app
1. Setting Security Goals
- 04 - The power of a good goal
- 05 - Prioritize your security goals
- 06 - Create event management to delegate and collaborate
- 07 - Plan a case management strategy
- 08 - How to use regex for custom event filtering
- 09 - How to use GRC as a starting point
2. The Security Information Discovery Process
- 10 - What is a discovery process
- 11 - How to apply the scientific method to build classifications
- 12 - How to set a hypothesis and run an experiment
- 13 - How to use regex for custom event filtering
3. Build and Report
- 14 - Implementing successful development tests into production
- 15 - Report and alarm scheduling
- 16 - Using MITRE ATT&CK and Cyber Kill Chain frameworks
4. Auto-Remediate and Advise Action
- 17 - Determining which events can be automated
- 18 - Incident response, disaster recovery, and executing case management strategies
- 19 - Root cause analysis and why it matters
- 20 - Managing critical events
- 21 - Real-world use cases
Conclusion
- 22 - Putting it all together
- 23 - Test detections
Related courses
- Introduction to Security Information and Event Management (SIEM)
- Microsoft Security Essentials: Concepts, Solutions, and AI-Powered Protection
- Identity Threat Protection with Sentinel: Advanced Strategies
- AI-Driven Threat Response with Microsoft Defender for Cloud
- Google Security Operations: Deep Dive by Google
- Advanced Intrusion Detection by Infosec
- CompTIA Network+ (N10-007) Cert Prep: 9 Managing the Network
- Introduction to SecOps on Google Distributed Cloud (GDC) by Google