Splunk For Soc Analysts

Posted By: ELK1nG

Published 5/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 3.46 GB | Duration: 7h 13m

Splunk For SOC Analysts, Splunk for SOC Leads

What you'll learn

Specially crafted course for SOC Analysts

How to use Splunk for Security Information and Event Management (SIEM) tasks

Set up a small home lab with real-time data flowing into it.

Learn the important search (SPL) commands

Learn how to create reports, alerts, dashboards and the other artifacts a SOC analyst needs day to day.

Requirements

There are no prerequisites as such.

Description

This course is designed for SOC analysts so that they can use Splunk to complete their business-as-usual (BAU) tasks. As a SOC analyst, learning Splunk is crucial to staying ahead in a constantly evolving threat landscape. Splunk is a widely used platform for collecting, searching and visualizing machine data, and organizations of all sizes use it as the SIEM at the centre of their security operations.

By learning Splunk, you can monitor your organization's network and system logs, detect anomalies, and investigate incidents in near real time. You can also build custom dashboards and reports to visualize the data and spot trends, which helps you make informed decisions and take proactive measures against future threats.

Having Splunk expertise on your resume can also improve your job prospects and career growth. Many organizations require SOC analysts to have Splunk skills, and demand for Splunk professionals is increasing. Learning Splunk therefore not only enhances your capabilities but also opens up new opportunities in the cybersecurity industry.

In summary, learning Splunk is a smart investment in your career as a SOC analyst, and it can help you stay competitive and advance in the rapidly growing cybersecurity field.

Overview

Section 1: About Splunk

Lecture 1 About Splunk

Lecture 2 Splunk Enterprise as a SIEM

Lecture 3 Splunk segments of data pipeline

Lecture 4 Splunk Components

Lecture 5 Splunk Components mapping with Data pipeline segments

Lecture 6 Splunk Sample Architecture

Lecture 7 Conclusion Of Various Splunk Architecture Discussion

Section 2: Splunk Home Lab Setup - Windows Based On Azure

Lecture 8 How to create an account in azure

Lecture 9 How to apply for Splunk Enterprise Developer License

Lecture 10 Creation of Windows VM on Azure using free Azure Credit

Lecture 11 Splunk Enterprise Installation On Windows Machine

Lecture 12 Splunk Developer license upload and other configuration - Windows Instance

Section 3: Splunk home lab setup - Linux Based on VMware

Lecture 13 Splunk Installation on Linux Machine (CentOS)

Lecture 14 Splunk Developer License Upload & Other Configurations - Linux instance

Section 4: Splunk default ports

Lecture 15 Splunk default ports

Section 5: Splunk directory structure

Lecture 16 Splunk directory structure

Section 6: Splunk Configuration (.conf) files

Lecture 17 Splunk Configuration (.conf) files

Section 7: Splunk App

Lecture 18 Splunk App

Section 8: Lab 2 : Simulation of Event Generation

Lecture 19 SA-Eventgen App installation and index creation in Splunk - Windows

Lecture 20 SA-Eventgen App installation on Splunk (Linux)

Section 9: Splunk GUI Overview

Lecture 21 Splunk GUI Overview

Section 10: Available options of time ranges and abbreviations in searches

Lecture 22 Available options of time ranges and abbreviations in searches

Section 11: Splunk Search Timeline Controls

Lecture 23 Splunk Search Timeline Controls

Section 12: Available options of time ranges and abbreviations in search bar

Lecture 24 Available options of time ranges and abbreviations in search bar

Section 13: Search Language Syntax concepts

Lecture 25 Search Language Syntax concepts

Section 14: Case Sensitivity During Splunk Search

Lecture 26 Case Sensitivity During Splunk Search

Section 15: Lab 3: How to upload and investigate logs in Splunk

Lecture 27 Investigation file - iis logs upload

Lecture 28 How to upload csv (or any other structured) file in Splunk

Section 16: Lab 4 : Monitor your own OS logs

Lecture 29 Monitoring of own machine's OS logs

Section 17: Lab 5: Manual parsing of logs

Lecture 30 Manual parsing of logs

Section 18: Lab 6: How to monitor file path | Example of csv file extraction

Lecture 31 How to monitor file path and example of CSV file extraction

Section 19: Splunk Role Based Access

Lecture 32 Splunk role based access

Section 20: lookup, lookup definition, automatic lookup

Lecture 33 lookup, lookup definition, automatic lookup

Section 21: Splunk Important Commands

Lecture 34 commands intro

Lecture 35 table command

Lecture 36 fields command

Lecture 37 head command

Lecture 38 tail command

Lecture 39 top & rare commands

Lecture 40 stats command

Lecture 41 timechart command

Lecture 42 chart command

Lecture 43 eventstats command

Lecture 44 dedup command

Lecture 45 sort & rename commands

Lecture 46 iconify command

Lecture 47 highlight command

Section 22: Lookup Editor App Installation

Lecture 48 Lookup Editor App Installation

Section 23: Some more search commands

Lecture 49 inputlookup, outputlookup, lookup, append, rex, fillnull, transpose commands

Section 24: Splunk KV Store (Key Value Store)

Lecture 50 Splunk KV Store

Section 25: Installation of Splunk Add-on for Microsoft Windows

Lecture 51 Installation of Splunk Add-on for Microsoft Windows

Section 26: Some More Splunk Search Commands

Lecture 52 eval command

Lecture 53 where command and Boolean operator precedence

Lecture 54 multivalue functions | eval command | mvexpand command

Section 27: Types of Search Commands

Lecture 55 Types of search commands and processing attributes

Section 28: Splunk data life cycle stages in terms of buckets

Lecture 56 Splunk data life cycle stages in terms of buckets

Section 29: General Search Practices

Lecture 57 General Search Practices

Section 30: App Creation from GUI

Lecture 58 App Creation from GUI

Section 31: Field extractions

Lecture 59 Field extractions

Section 32: Report & Alerts

Lecture 60 Report & Alerts

Section 33: Some more Splunk search commands

Lecture 61 iplocation and geostats command
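The search-command sections above (Sections 21, 23, 26 and 33) are listed by lecture title only. As an added illustration of how those commands fit together in a typical SOC use case, here is a failed-logon triage search. It is not material from the course; it is an editor's example and makes the following assumptions: Windows Security events are indexed in an index named `wineventlog` with sourcetype `WinEventLog:Security`, as produced by the Splunk Add-on for Microsoft Windows installed in Section 25, and that add-on populates the `user` and `src` fields. EventCode 4625 is the Windows "An account failed to log on" event. The thresholds (20 failures from one source against at least 5 distinct accounts in 24 hours) are arbitrary starting points to tune in your own environment.

```spl
index=wineventlog sourcetype="WinEventLog:Security" EventCode=4625 earliest=-24h
| where isnotnull(user) AND user!="-" AND isnotnull(src)
| iplocation src
| stats count AS failures,
        dc(user) AS distinct_users,
        values(user) AS users,
        min(_time) AS first_seen,
        max(_time) AS last_seen
        BY src, Country
| where failures >= 20 AND distinct_users >= 5
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"),
       last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S"),
       duration_min=round((strptime(last_seen, "%Y-%m-%d %H:%M:%S") - strptime(first_seen, "%Y-%m-%d %H:%M:%S")) / 60, 1)
| sort - failures
| rename src AS source_ip, Country AS geo_country
| table source_ip geo_country failures distinct_users duration_min users first_seen last_seen

index=wineventlog sourcetype="WinEventLog:Security" EventCode=4625 earliest=-24h
| timechart span=15m count BY src limit=10 useother=f
```

The first search is the investigation view: `where` drops events with no usable account or source, `iplocation` enriches the source address with GeoIP fields (it returns nothing for RFC 1918 addresses, so internal sources show an empty `geo_country` rather than being dropped), `stats` collapses the raw events into one row per source, the second `where` applies the detection threshold, and `eval`, `sort`, `rename` and `table` shape the result for an analyst. The second search is the trend view you would put on a dashboard panel: `timechart` buckets the same events into 15-minute intervals split by the ten noisiest sources, which makes a password-spraying burst visible as a spike. Either search can be saved as a scheduled alert (Section 32) or wrapped in a macro (Section 36) so the threshold becomes an argument instead of a hard-coded number.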

Section 34: Splunk Dashboard Creation

Lecture 62 Dashboard

Section 35: Splunk Dashboard Optimization Using Base Search

Lecture 63 Dashboard Optimization

Section 36: Splunk Macros

Lecture 64 Splunk Macros

Section 37: Splunk Eventtypes

Lecture 65 Splunk Eventtypes

Specially designed course for SOC Analysts.