Splunk Enterprise Security Admin Training

Live Online & Classroom Enterprise Training

Covers the configuration and administration of Splunk Enterprise Security (ES) for security operations. Focuses on data onboarding, correlation searches, dashboards, and incident management to improve threat detection and response efficiency.

Looking for a private batch ?

REQUEST A CALLBACK

Enterprise Reporting
Lifetime Access
CloudLabs
24x7 Support
Real-time code analysis and feedback

What is Splunk Enterprise Security Admin Training about?

Splunk Enterprise Security (ES) is a powerful SIEM (Security Information and Event Management) solution that enables organizations to detect, investigate, and respond to threats in real-time. This course equips learners with the knowledge and skills required to install, configure, and manage Splunk ES, including data onboarding, correlation searches, dashboards, and incident workflows. Designed for administrators and security professionals, it provides hands-on expertise in operationalizing Splunk ES for enterprise-scale security monitoring and compliance.

What are the objectives of Splunk Enterprise Security Admin Training ?

Understand the architecture and components of Splunk Enterprise Security.
Configure data inputs, correlation searches, and threat detection use cases.
Manage dashboards, reports, and security posture monitoring.
Implement incident review, investigation, and workflow management.
Optimize Splunk ES performance for enterprise-scale environments.

Who is Splunk Enterprise Security Admin Training for?

Splunk Administrators and Engineers.
Security Operations Center (SOC) Analysts.
Security Engineers and Architects.
IT Professionals working in cybersecurity operations.
Professionals preparing for Splunk Security certifications.

What are the prerequisites for Splunk Enterprise Security Admin Training?

Prerequisites:

Basic knowledge of Splunk platform administration.
Familiarity with cybersecurity fundamentals and SIEM concepts.
Experience with data onboarding and search in Splunk.
Understanding of networking and security protocols.
Completion of Splunk Fundamentals training (recommended).

Learning Path:

Introduction to Splunk Enterprise Security (ES) Architecture
Data Onboarding and Normalization for Security Use Cases
Configuring Correlation Searches and Threat Detection
Managing Dashboards, Incident Reviews, and Workflow Automation
Splunk ES Optimization, Troubleshooting, and Compliance Reporting

Related Courses:

Splunk Core Certified Power User
Splunk Enterprise Certified Admin
Splunk Core Certified Advanced Power User
Splunk Enterprise Security Certified Admin (Advanced)

Available Training Modes

Live Online Training

3 Days

Course Outline Expand All

Expand All

Module 1- Introduction to ES

Review how ES functions

Understand how ES uses data models

Configure ES roles and permissions

Module 2- Security Monitoring

Customize the Security Posture and Incident Review dashboards

Create ad hoc notable events

Create notable event suppressions

Module 3- Risk-Based Alerting

Give an overview of risk-based alerting

View Risk Notables and risk information on the Incident Review dashboard

Explain risk scores and how an ES admin can change an object's risk score

Review the Risk Analysis dashboard

Describe annotations

Module 4 - Incident Investigation

Review the Investigations dashboard

Customize the Investigation Workbench

Manage investigations

Module 5- Validating ES Data

Verify data is correctly configured for use in ES

Validate normalization configurations

Install additional add-ons

Module 6- Tuning Correlation Searches

Configure correlation search scheduling and sensitivity

Tune ES correlation searches

Module 7- Asset & Identity Management

Review the Asset and Identity Management interface

Describe Asset and Identity KV Store collections

Configure and add asset and identity lookups to the interface

Configure settings and fields for asset and identity lookups

Explain the asset and identity merge process

Describe the process for retrieving LDAP data for an asset or identity lookup

Who is the instructor for this training?

The trainer for this Splunk Enterprise Security Admin Training has extensive experience in this domain, including years of experience training & mentoring professionals.

Reviews

My outlook on training changed completely after attending SpringPeople BPC training. The content, the trainer and infrastructure at SpringPeople were top notch and perfectly in tune with the industry requirements. Regardless to say, training is now something that I look forward to to. Kudos to everyone at SpringPeople!

Shweta Priya

Sony

I attended the 3-day AngularJs training at SpringPeople. The trainer was an industry veteran with vast experience in the subject. Notably, the hands-on training, and the Q&A session stood out. Overall, I found SpringPeople a great place to learn with excellent facilities and great trainers. Would recommend SpringPeople to my colleagues and friends.

Swati Singh

I attended the training on API Design for Mulesoft. The sessions were well planned and value-laden. I benefited immensely from the hands-on experience enabled through virtual labs. I would like to specifically commend the efficiency of the support team who were always available to resolve my concerns.

Nikhil Kohli

Stryker

I attended the jQuery training batch, conducted by Mr. Vijay, an SME who did a thorough coverage of all the essentials. He took us through concepts such as jQuery animations, event handlers, plugins, and jQuery-UI by small programs, very easily. The sessions were useful and well structured. By the end of the training, I was well equipped to develop a SPA on Product Management System. Overall, the learning experience at SpringPeople was great!

Heena Rajan

Mindtree