Splunk for Beginner SOC Analysts

A comprehensive course designed to equip aspiring SOC analysts with the fundamental Splunk skills needed for security monitoring, incident response, and threat detection.

Introduction to Splunk and the SOC

Unit 1: Understanding the SOC and SIEM

Unit 2: Splunk as a SIEM

Unit 3: SOC Analyst Workflow and Splunk

Navigating the Splunk Web Interface

Unit 1: Getting Started with the Splunk Web Interface

Unit 2: Key Interface Elements and Their Functions

Unit 3: Exploring Splunk Apps and Customization

Basic Splunk Search Queries

Unit 1: Introduction to Splunk Searching

Unit 2: Boolean Operators

Unit 3: Wildcards and Time Ranges

Introduction to Splunk's Search Processing Language (SPL)

Unit 1: SPL Fundamentals

Unit 2: Basic SPL Commands

Unit 3: Chaining Commands and Advanced Filtering

Data Analysis with SPL: Counting and Statistics

Unit 1: Counting Events with 'stats count' (count is an aggregation function, not a standalone command)

Unit 2: Calculating Statistics with the 'stats' Command

Unit 3: Grouping Data with the 'by' Clause

Visualizing Security Data in Splunk

Unit 1: Introduction to Splunk Visualizations

Unit 2: Exploring Different Chart Types

Unit 3: Tables and Advanced Customization

Ingesting Windows Event Logs into Splunk

Unit 1: Understanding Windows Event Logs

Unit 2: Configuring Splunk for Windows Event Logs

Unit 3: Troubleshooting and Best Practices

Processing Firewall Logs in Splunk

Unit 1: Understanding Firewall Logs

Unit 2: Ingesting Firewall Logs into Splunk

Unit 3: Field Extractions and Analysis

Working with Intrusion Detection System (IDS) Alerts

Unit 1: Understanding and Ingesting IDS Alerts

Unit 2: Normalizing and Correlating IDS Data

Unit 3: Prioritizing and Investigating IDS Alerts

Creating Basic Splunk Alerts

Unit 1: Understanding Splunk Alerts

Unit 2: Creating Basic Alerts

Unit 3: Configuring Alert Actions

Alerting on Suspicious User Behavior

Unit 1: Identifying Suspicious Login Activity

Unit 2: Monitoring Data Access and Usage

Unit 3: Creating and Tuning Splunk Alerts

Detecting Malware Infections with Splunk

Unit 1: Endpoint Data Analysis for Malware Detection

Unit 2: Creating Malware Detection Alerts

Unit 3: Threat Intelligence Integration and Incident Response

Simulated Security Incident: Phishing Attack Investigation

Unit 1: Phishing Attack Overview and Initial Data Gathering

Unit 2: Identifying Affected Users and Systems

Unit 3: Tracking Attacker Activity and Scope of Compromise

Unit 4: Documentation and Reporting

Simulated Security Incident: Brute-Force Attack Investigation

Unit 1: Understanding Brute-Force Attacks and Splunk Setup

Unit 2: Identifying the Attacker and Target

Unit 3: Assessing Damage and Implementing Mitigation

Unit 4: Advanced Mitigation and Reporting
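As an added worked example for the suspicious-login and brute-force investigation modules above (this search is not part of the original course material), the following SPL correlates failed and successful Windows logons per source address. It assumes Windows Security events are indexed in an index named wineventlog with the CIM field names src_ip and user as produced by the Splunk Add-on for Microsoft Windows; those names, the index name and the threshold of 20 failures are assumptions to adjust for your environment. EventCode 4625 is a failed logon and 4624 a successful one.

```spl
index=wineventlog sourcetype="WinEventLog:Security" EventCode IN (4624, 4625) src_ip!="-"
| stats count(eval(EventCode=4625)) AS failures
        count(eval(EventCode=4624)) AS successes
        dc(user) AS distinct_users
        values(user) AS targeted_accounts
        min(_time) AS first_seen
        max(_time) AS last_seen
        BY src_ip
| where failures >= 20
| eval duration_min=round((last_seen - first_seen) / 60, 1)
| eval verdict=if(successes > 0,
                  "POSSIBLE COMPROMISE: success after repeated failures",
                  "brute-force attempt, no success observed")
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"),
       last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort - failures
| table src_ip failures successes distinct_users duration_min verdict targeted_accounts first_seen last_seen
```

Reading the result: a high failures count against one or two accounts is classic password guessing, while a high distinct_users count with only a few failures per account points to password spraying, which a per-account threshold would miss. The src_ip!="-" filter drops console logons, whose IP field is a dash. Because successes are counted per source address rather than per account, a success from a shared NAT address may belong to a legitimate user; before escalating, rerun with BY src_ip, user to confirm the success landed on an account that was also failing. Saved as a scheduled search over a short window (for example the last 15 minutes), this is the logic behind the alert built in Unit 3 of the user-behaviour module.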

SOC Procedures and Incident Response with Splunk

Unit 1: Understanding SOC Procedures and Incident Response

Unit 2: Using Splunk for Incident Response

Unit 3: Collaboration and Documentation in Splunk

Advanced Splunk Searching and Reporting

Unit 1: Mastering Subsearches in Splunk

Unit 2: Advanced Reporting Techniques

Unit 3: Scheduling and Optimizing Splunk Reports
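As an added example for the subsearch unit above and for the IDS correlation module earlier in the course (not a search from the original course material), the following SPL uses a subsearch to pull the source addresses that triggered repeated high-severity IDS alerts and then pivots into firewall traffic to see what else those hosts did. The index names ids and firewall, the sourcetype names, and the field names severity, src_ip, dest_ip and dest_port are assumptions; substitute whatever your add-ons extract.

```spl
index=firewall sourcetype=firewall_traffic action=allowed
    [ search index=ids sourcetype=ids_alert severity<=2
      | stats count AS alerts BY src_ip
      | where alerts >= 5
      | fields src_ip ]
| stats count AS connections
        dc(dest_ip) AS distinct_destinations
        values(dest_port) AS ports
        min(_time) AS first_seen
        max(_time) AS last_seen
        BY src_ip
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"),
       last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort - connections
```

How it works: the bracketed subsearch runs first and its result table is rewritten into a filter of the form (src_ip="10.0.0.5") OR (src_ip="10.0.0.9") that is appended to the outer search, so the outer search only retrieves firewall events for those hosts. The trailing fields src_ip matters: every field the subsearch returns becomes part of that filter, so leaving alerts in the output would add an alerts=5 condition that no firewall event matches. If the outer data names the field differently, rename it inside the subsearch (for example | rename src_ip AS src) so the generated filter uses the outer field name. Two caveats a practitioner should check: subsearches are capped by limits.conf, by default at 10,000 results and 60 seconds, and when a cap is hit the results are silently truncated (the Job Inspector reports it), so keep the inner search narrow and aggregated as here; and because the inner search finishes before the outer one starts, a long-running subsearch delays the whole job, which is why Unit 3 pairs subsearches with scheduling and optimisation.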