Splunk SIEM for SOC Level 1 Analysts: Core Skills in 2 Days

Master the core Splunk skills needed to excel as a SOC Level 1 analyst in just two days, from basic searching to incident response.

Introduction to Splunk and the SOC

Unit 1: Understanding SIEM and the SOC

Unit 2: Splunk as a Leading SIEM

Unit 3: Course Overview and Expectations

Splunk Interface Overview

Unit 1: Getting Started with the Splunk Interface

Unit 2: Key Interface Elements

Unit 3: User Roles and Permissions

Data Ingestion and Indexing

Unit 1: Understanding Splunk Data Ingestion

Unit 2: Configuring Data Inputs

Unit 3: Data Normalization and Field Extraction

Introduction to Search Processing Language (SPL)

Unit 1: Understanding SPL Fundamentals

Unit 2: SPL Components and Data Processing

Unit 3: Advanced SPL Concepts

Basic SPL Commands: Keywords and Operators

Unit 1: Keywords in SPL

Unit 2: Boolean Operators

Unit 3: Wildcards and Order of Operations

Time Range Modifiers

Unit 1: Understanding Time in Splunk

Unit 2: Relative Time Modifiers

Unit 3: Absolute Time Modifiers

Unit 4: Time Zones and Best Practices
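The following search is an added example written for this outline; it is not taken from the course material. It pulls together the keyword, Boolean, wildcard and time-modifier units above in one query. The index `web`, sourcetype `access_combined` and the field names (`status`, `uri_path`, `useragent`, `clientip`) are assumptions and will differ in a real deployment.

```spl
index=web sourcetype=access_combined earliest=-24h@h latest=@h
    (status=5* OR status=403) NOT uri_path="/healthz"
    (useragent="*curl*" OR useragent="*python-requests*")
| stats count AS hits, dc(uri_path) AS distinct_paths BY clientip, status
| where hits > 100
| sort - hits
```

Three points this search is meant to make. First, Splunk evaluates parentheses, then NOT, then OR, then the implicit AND between terms, so `status=5* OR status=403 NOT uri_path="/healthz"` would still parse as `(status=5* OR status=403) AND NOT uri_path="/healthz"`; writing the parentheses explicitly avoids having to remember that. Second, `status=5*` matches 500 through 599 cheaply because the wildcard is at the end of the value, while `*curl*` has a leading wildcard and cannot use the index efficiently; leading wildcards are acceptable on an already-narrowed result set but should not be the only filter. Third, `-24h@h`/`@h` snap the window to whole hours, which is what makes a scheduled search reproducible; snapping uses the time zone of the user running the search (not UTC), so analysts in different zones can get different windows from `@d`.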

Filtering and Transforming Data with SPL

Unit 1: Selecting Fields with Table

Unit 2: Fields Command: Include and Exclude

Unit 3: Renaming Fields for Clarity

Analyzing Data with Statistics and Charts

Unit 1: Introduction to Statistical Analysis with Splunk

Unit 2: Visualizing Data with Charts

Unit 3: Advanced Charting Techniques

Identifying Malware Infections

Unit 1: Malware Infection Basics

Unit 2: Detecting Malware with Splunk

Unit 3: Advanced Malware Detection

Detecting Phishing Attempts

Unit 1: Phishing Detection Fundamentals

Unit 2: Searching for Suspicious Emails

Unit 3: Analyzing Web Traffic for Phishing

Unit 4: Correlation and Response

Investigating Unauthorized Access

Unit 1: Authentication Logs and Failed Logins

Unit 2: Privilege Escalation and User Activity

Unit 3: Correlation and Incident Response
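As an added example for the failed-login and correlation units (not part of the original course), this search looks for a source that fails repeatedly against an account and then succeeds, which is the pattern a password-spray or brute-force investigation starts from. It assumes Windows Security logs in an index named `wineventlog` with the field names produced by the Splunk Add-on for Windows (`EventCode`, `user`, `src_ip`, `Logon_Type`); adjust these to your environment.

```spl
index=wineventlog sourcetype="WinEventLog:Security" EventCode IN (4624, 4625)
    earliest=-4h
| eval outcome=if(EventCode=4625, "failure", "success")
| stats count(eval(outcome="failure")) AS failures,
        count(eval(outcome="success")) AS successes,
        min(_time) AS first_seen, max(_time) AS last_seen,
        values(Logon_Type) AS logon_types
    BY user, src_ip
| where failures >= 10 AND successes > 0
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"),
       last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort - failures
```

Grouping by both `user` and `src_ip` is deliberate: a spray from one source across many accounts and a brute force against one account from many sources each show up as many rows sharing one of the two keys, so the analyst can pivot either way. `count(eval(...))` counts only the events matching the condition, which avoids a second search for successes. The 10-failure threshold is a starting point, not a rule; tune it per logon type (network logons from service accounts produce noise that interactive logons do not), and when escalating, check whether the successful logon came from a source that has no prior history for that user.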

Creating Basic Reports

Unit 1: Report Creation Fundamentals

Unit 2: Scheduling and Delivery

Unit 3: Customization and Types

Building Interactive Dashboards

Unit 1: Dashboard Fundamentals

Unit 2: Visualizing Data Effectively

Unit 3: Advanced Dashboard Techniques

Data Correlation Techniques

Unit 1: Understanding Data Correlation

Unit 2: Using the 'transaction' Command

Unit 3: Using the 'join' Command

Unit 4: Challenges and Best Practices
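An added example for the `transaction` and `join` units above (not course code). The first search groups web requests per client into sessions, the second produces the same numbers with `stats`, and the third shows the `join` form used for enrichment. Index names (`web`, `assets`), sourcetypes and field names (`clientip`, `uri_path`, `ip`, `owner`, `hostname`) are assumptions.

```spl
index=web sourcetype=access_combined earliest=-1h
| transaction clientip maxspan=10m maxpause=2m startswith=eval(uri_path="/login")
| where eventcount > 30
| table _time, clientip, duration, eventcount

index=web sourcetype=access_combined earliest=-1h
| stats count AS eventcount, min(_time) AS start, max(_time) AS end,
        dc(uri_path) AS distinct_paths BY clientip
| eval duration=end-start
| where eventcount > 30
| table start, clientip, duration, eventcount, distinct_paths

index=web sourcetype=access_combined earliest=-1h
| stats count BY clientip
| join type=left clientip
    [ search index=assets sourcetype=cmdb
      | rename ip AS clientip
      | fields clientip, owner, hostname ]
```

`transaction` is the right tool when the analyst needs the raw events kept together, for example to read a login sequence in order, or when session boundaries depend on a start or end condition as with `startswith`. It holds events in memory and has its own result limits, so on large data sets the `stats` version is both faster and complete; reach for `stats` first and `transaction` only when you need what it alone provides. `join` runs its subsearch separately and is subject to the subsearch limits (50,000 results and 60 seconds by default in limits.conf), silently truncating the right-hand side when exceeded; for static enrichment such as an asset list, a `lookup` is cheaper and has no such truncation, and for two event sources the usual pattern is one search over both with `stats ... BY` the shared key.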

Identifying Complex Security Incidents

Unit 1: Understanding Complex Incidents

Unit 2: Correlating Data in Splunk

Unit 3: Analyzing Logs and Network Traffic

Unit 4: Documentation and Communication

Introduction to Splunk Alerts

Unit 1: Understanding Splunk Alerts

Unit 2: Types of Splunk Alerts

Unit 3: Configuring Basic Splunk Alerts

Unit 4: Alert Tuning and Best Practices

Creating and Managing Alerts

Unit 1: Alert Creation Fundamentals

Unit 2: Advanced Alert Configuration

Unit 3: Alert Management and Optimization

Responding to Security Threats with Alerts

Unit 1: Alert Investigation Fundamentals

Unit 2: Threat Containment and Remediation

Unit 3: Documentation and Reporting

Introduction to Splunk Enterprise Security (ES)

Unit 1: ES Overview and Benefits

Unit 2: Navigating the ES Interface

Unit 3: ES Key Features Deep Dive

Using Splunk ES for Security Monitoring

Unit 1: Core ES Monitoring Concepts

Unit 2: Correlation Searches in Depth

Unit 3: Risk Analysis and Incident Review

Incident Response with Splunk ES

Unit 1: Incident Investigation in Splunk ES

Unit 2: Incident Management and Collaboration

Unit 3: Documentation and Reporting

Best Practices and Next Steps

Unit 1: SOC Best Practices with Splunk

Unit 2: Continuous Learning and Skill Development

Unit 3: Advanced Splunk Features