SPL for SOC Analysts

Master Splunk Search Processing Language (SPL) to enhance your SOC analyst skills, enabling effective security investigations, threat hunting, and incident response.

...

Introduction to SPL and Basic Event Retrieval

Unit 1: SPL Fundamentals

Unit 2: Navigating the Splunk Interface

Unit 3: Index-Specific Searches

Filtering and Transforming Data with SPL

Unit 1: Filtering with SPL: `search` and `where`

Unit 2: Transforming Data: `dedup`, `sort`, and `head`

Unit 3: Extracting and Formatting Fields: `rex` and `eval`

Statistical Analysis, Reporting, and Lookups with SPL

Unit 1: Statistical Analysis with SPL

Unit 2: Reporting and Visualizations

Unit 3: Lookups for Data Enrichment

Event Correlation, Alerting, and Optimization

Unit 1: Event Correlation with SPL

Unit 2: Alerting with SPL

Unit 3: SPL Optimization

Investigating Security Incidents and Threat Hunting with SPL

Unit 1: Investigating Malware Infections with SPL

Unit 2: Investigating Phishing Attacks with SPL

Unit 3: Threat Hunting with SPL