Administering Splunk Enterprise Security

Duration: 16 hours
Objectives:

What you’ll learn:

  • Understand the basics of ES end-user features
  • Plan an ES deployment
  • Perform initial ES installation and configuration
  • Manage data intake and normalization in ES
  • Create correlation searches
  • Configure ES lookups
  • Configure the ES threat intelligence framework
Prerequisites:
  • Splunk Fundamentals
  • Splunk Enterprise System Administration
  • Splunk Enterprise Data Administration
  • Advanced Searching and Reporting
  • Splunk Enterprise Cluster Administration
Course outline:

1. Module 1: Introduction to ES

2. Module 2: Analyst Tools & Data Sources

3. Module 3: ES Deployment

4. Module 4: Installation

5. Module 5: Initial Configuration

6. Module 6: Validating ES Data

7. Module 7: Custom Add-ons

8. Module 8: Tuning Correlation Searches

9. Module 9: Creating Correlation Searches

10. Module 10: Lookups & Identity Management

11. Module 11: Threat Intelligence Framework

12. Module 12: ES Optimize Operation

  • Online learning

  • Classes in Ho Chi Minh City

  • Classes in Hanoi

