Using ES

Duration: 2 Days (16 Hours)

Using ES Course Overview:

This course is designed to prepare security practitioners to effectively utilize Splunk Enterprise Security (ES). Students will learn how to identify and track incidents, analyze security risks, employ predictive analytics, and discover threats using the Splunk ES platform.

Intended Audience:

  • Security Practitioners: Individuals responsible for cybersecurity and incident response.
  • Security Analysts: Professionals involved in analyzing security incidents and threats.
  • Splunk Administrators: Those responsible for configuring and maintaining Splunk Enterprise Security (ES) environments.
  • Incident Responders: Professionals engaged in incident investigation and response.
  • Threat Intelligence Analysts: Individuals working with threat intelligence data within Splunk ES.
  • IT Professionals: Including those responsible for network and system security.
  • Anyone interested in using Splunk ES for security monitoring, incident investigation, and threat analysis.

Learning Objectives of Using ES:

  • ES Concepts, Features, and Capabilities
  • Security Monitoring and Incident Investigation
  • Using Risk-Based Alerting and Risk Analysis
  • Assets and Identities Overview
  • Creating Investigations and Using the Investigation Workbench
  • Detecting Known Types of Threats
  • Monitoring for New Types of Threats
  • Using Analytical Tools and Dashboards
  • Analyzing User Behavior for Insider Threats
  • Using Threat Intelligence Tools
  • Using Protocol Intelligence

Module 1: Getting Started with ES

  • Features and capabilities of Splunk Enterprise Security (ES)
  • How ES aids security practitioners in threat prevention, detection, and response
  • Correlation searches, data models, and notable events
  • User roles in ES
  • Logging into Splunk Web and accessing the Splunk Enterprise Security app

Module 2: Security Monitoring and Incident Investigation

  • Using the Security Posture dashboard for ES monitoring
  • Investigating notable events using the Incident Review dashboard
  • Incident ownership and investigation workflow
  • Creating notable events
  • Suppressing notable events

Module 3: Risk-Based Alerting

  • Overview of Risk-Based Alerting
  • Viewing Risk Notables and risk information on the Incident Review dashboard
  • Understanding risk scores and changing object risk scores
  • Risk Analysis dashboard
  • Annotations
  • Retrieving LDAP data for asset or identity lookup
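To make the Risk-Based Alerting topics above concrete, here is a small added example (not code from the page or from Splunk) that models what the risk framework does: risk rules write scored events against a risk object, the scores are rolled up per object (with an optional per-object modifier, standing in for manually raising an object's score), and a risk notable fires when the rolled-up picture crosses a threshold. The events, the modifier for `jsmith`, the thresholds and the two rule shapes (total score, or many distinct rules spanning many ATT&CK tactics) are all constructed assumptions chosen to show the idea; they are not ES's own implementation or default values.

```python
from dataclasses import dataclass, field

# Constructed sample risk events (hypothetical, not from the page): each
# entry is what one risk rule would write to the risk index, tagged with
# the object it concerns, a score, the rule name and an ATT&CK tactic.
RISK_EVENTS = [
    {"risk_object": "jsmith", "risk_object_type": "user", "risk_score": 20,
     "source": "Excessive Failed Logins", "mitre_tactic": "TA0006"},
    {"risk_object": "jsmith", "risk_object_type": "user", "risk_score": 30,
     "source": "First Time Seen Command Line", "mitre_tactic": "TA0002"},
    {"risk_object": "jsmith", "risk_object_type": "user", "risk_score": 40,
     "source": "Rare Process on Host", "mitre_tactic": "TA0005"},
    {"risk_object": "jsmith", "risk_object_type": "user", "risk_score": 25,
     "source": "Access to Sensitive Share", "mitre_tactic": "TA0009"},
    {"risk_object": "web-01", "risk_object_type": "system", "risk_score": 60,
     "source": "Excessive Failed Logins", "mitre_tactic": "TA0006"},
    {"risk_object": "web-01", "risk_object_type": "system", "risk_score": 60,
     "source": "Excessive Failed Logins", "mitre_tactic": "TA0006"},
    {"risk_object": "web-01", "risk_object_type": "system", "risk_score": 60,
     "source": "Excessive Failed Logins", "mitre_tactic": "TA0006"},
]

# Assumed per-object modifier: weight a privileged account more heavily.
# This stands in for changing an object's risk score by hand in ES.
RISK_MODIFIERS = {"jsmith": 1.5}


@dataclass
class RiskSummary:
    risk_object: str
    risk_object_type: str
    risk_score: float = 0.0
    sources: set = field(default_factory=set)   # distinct rules that fired
    tactics: set = field(default_factory=set)   # distinct ATT&CK tactics


def aggregate_risk(events, modifiers=RISK_MODIFIERS):
    """Roll up risk per (object, type), the way a risk analysis view sums
    the risk index, applying any per-object modifier to each event."""
    summaries = {}
    for ev in events:
        key = (ev["risk_object"], ev["risk_object_type"])
        s = summaries.setdefault(key, RiskSummary(*key))
        s.risk_score += ev["risk_score"] * modifiers.get(ev["risk_object"], 1.0)
        s.sources.add(ev["source"])
        s.tactics.add(ev["mitre_tactic"])
    return summaries


def risk_notables(summaries, score_threshold=100, min_sources=3, min_tactics=3):
    """Decide which objects become risk notables and why.

    Two assumed rule shapes: "score" fires on total risk alone, "diversity"
    fires only when several distinct rules across several distinct tactics
    have hit the same object. A single noisy rule repeating (web-01 below)
    trips the score rule but never the diversity rule.
    """
    fired = {}
    for (obj, _type), s in summaries.items():
        reasons = []
        if s.risk_score >= score_threshold:
            reasons.append("score")
        if len(s.sources) >= min_sources and len(s.tactics) >= min_tactics:
            reasons.append("diversity")
        if reasons:
            fired[obj] = reasons
    return fired


if __name__ == "__main__":
    summaries = aggregate_risk(RISK_EVENTS)
    for (obj, typ), s in summaries.items():
        print(f"{typ}:{obj} score={s.risk_score} rules={len(s.sources)} "
              f"tactics={len(s.tactics)}")
    print(risk_notables(summaries))
```

Run as a script it prints the per-object roll-up and the notables that would be raised; the contrast between `jsmith` (moderate scores from four different rules) and `web-01` (one rule repeating) is the point of the diversity-style rule, and is why tuning thresholds on the Risk Analysis dashboard matters.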

Module 4: Assets & Identities

  • ES Assets and Identities framework overview
  • Identifying missing asset or identity data in ES dashboards or notable events
  • Asset & Identity Management Interface
  • Viewing asset or identity lookup table contents

Module 5: Investigations

  • Managing incident response activity with investigations
  • Using the Investigation Workbench for incident investigations
  • Adding items to investigations (notes, action history, collaborators, events, assets, identities, files, and URLs)
  • Utilizing investigation timelines, lists, and summaries for breach analysis

Module 6: Security Domain Dashboards

  • Overview of ES security domains
  • Using Security Domain dashboards to investigate security threats
  • Launching Security Domain dashboards from Incident Review and notable event Action menus

Module 7: User Intelligence

  • User activity analysis and investigators
  • Analyzing events related to assets or identities
  • Detecting suspicious access patterns with access anomalies

Module 8: Web Intelligence

  • Using web intelligence dashboards for network analysis
  • Event filtering and highlighting

Module 9: Threat Intelligence

  • Threat Intelligence framework overview and configuration in ES
  • Utilizing the Threat Activity dashboard to track threat interactions
  • Examining threat intelligence status with the Threat Artifacts dashboard

Module 10: Protocol Intelligence

  • How network traffic is captured into Splunk events
  • Stream events and the Protocol Intelligence dashboards for network data analysis

Using ES Course Prerequisites:

To succeed in this course, students should have completed the following Splunk courses, or have equivalent knowledge:

  • What is Splunk?
  • Intro to Splunk
  • Using Fields
  • Visualizations
  • Search Under the Hood
  • Intro to Knowledge Objects
  • Introduction to Dashboards

Training Exclusives

This course comes with the following benefits:

  • Practice labs
  • Training by certified trainers
  • Access to the recordings of your class sessions for 90 days
  • Digital courseware
  • 24x7 learner support
