Detailed Course Content
Topic 1 - Splunk Mission Control Overview
- Introduce Splunk Mission Control
- Discuss features and capabilities
- Identify benefits to security teams
- Review the overall architecture
Topic 2 - Triage, Investigate, & Respond
- Triage, Investigate, & Respond
- Search for notables and filter the analyst queue
- Use response templates in a notable investigation
- Add notes, files, artifacts, and critical evidence to a notable
Topic 3 - Response Templates
- Select and apply a response template for a particular use case
- Modify the template to fit the notable investigation use case
- Edit and delete the phases and tasks of the template
- Create a new response template
Topic 4 - Dashboards
- Review how to manage and create dashboards
- Configure ad-hoc and on-premises searches
- Add source connections for 3rd-party data sources
- Build visualizations and utilize user inputs
- Save and export dashboards