Administering Splunk Enterprise Security

Duration: 16 hours
Objectives:

What you’ll learn:

  • Understand the basics of ES end-user features
  • Plan an ES deployment
  • Perform initial ES installation and configuration
  • Manage data intake and normalization in ES
  • Create correlation searches
  • Configure ES lookups
  • Configure the ES threat intelligence framework
Prerequisites:
  • Splunk Fundamentals
  • Splunk Enterprise System Administration
  • Splunk Enterprise Data Administration
  • Advanced Searching and Reporting
  • Splunk Enterprise Cluster Administration
Course outline:

1. Module 1: Introduction to ES
2. Module 2: Analyst Tools & Data Sources
3. Module 3: ES Deployment
4. Module 4: Installation
5. Module 5: Initial Configuration
6. Module 6: Validating ES Data
7. Module 7: Custom Add-ons
8. Module 8: Tuning Correlation Searches
9. Module 9: Creating Correlation Searches
10. Module 10: Lookups & Identity Management
11. Module 11: Threat Intelligence Framework
12. Module 12: ES Optimize Operation

  • Study online
  • Study in Ho Chi Minh City
  • Study in Hanoi

