Using Splunk Mission Control (USMC)

 

Course Content

Splunk Mission Control is a cloud-based, unified security operations platform. It brings together security data, analytics, and operations so that security teams can manage incidents across the entire event lifecycle. This 4.5-hour hands-on module introduces Mission Control and illustrates its benefits to security teams. You will learn how to triage, investigate, and respond to security incidents. You will also learn how to create new response plans and build customized dashboards to gain further insights into your data.

Objectives

  • Mission Control overview and architecture
  • Features, capabilities, and benefits
  • Triage notables in the analyst queue
  • Start a notable investigation
  • Use and create new response templates
  • Analyze security data using dashboards

Outline: Using Splunk Mission Control (USMC)

Topic 1 - Splunk Mission Control Overview

  • Introduce Splunk Mission Control
  • Discuss features and capabilities
  • Identify benefits to security teams
  • Review the overall architecture

Topic 2 - Triage, Investigate, & Respond

  • Triage, Investigate, & Respond
  • Search for notables and filter the analyst queue
  • Use response templates in a notable investigation
  • Add notes, files, artifacts, and critical evidence to a notable

Topic 3 - Response Templates

  • Select and apply a response template for a particular use case
  • Modify the template to fit the notable investigation use case
  • Edit and delete the phases and tasks of the template
  • Create a new response template

Topic 4 - Dashboards

  • Review how to manage and create dashboards
  • Configure ad-hoc and on-premises searches
  • Add source connections for 3rd-party data sources
  • Build visualizations and utilize user inputs
  • Save and export dashboards

Price & Delivery methods

Online Training

Duration 0.5 days

Price
  • Online Training: CAD 635,–
  • Online Training: US$ 500,–
Classroom Training

Duration 0.5 days

Price
  • Canada: CAD 635,–

Click on the city name or "Online Training" to book

Schedule

This is an Instructor-Led Classroom course
Instructor-led Online Training: Online course with an instructor

Slovenia

Online Training, Time zone: Europe/Ljubljana, Language: English