
Using Splunk UBA Course Description

This 4-hour course teaches users how to investigate threats using Splunk UBA, covering installation, configuration, management, and troubleshooting. It includes modules on the analyst and hunter workflows, user activity review, and domain monitoring. Prerequisites include a solid understanding of Splunk and related courses, with a focus on threat hunting and incident response.

Uploaded by titmambyves6

Using Splunk UBA

This 4-hour course is designed for users who are responsible for leveraging Splunk UBA. The course provides the fundamental knowledge of Splunk UBA, foundational product information, and use cases for Threat Hunters and Incident Response. It covers installation prerequisites, configuration, management, monitoring, and troubleshooting of Splunk forwarders and Splunk Deployment Server components.

Course Topics
▪ Splunk UBA Overview
▪ Starting with Splunk UBA
▪ The Analyst Workflow
▪ The Hunter Workflow
▪ Reviewing current User activity
▪ Investigating and Monitoring Domains

Prerequisite Knowledge

To be successful, students should have a solid understanding of the following courses:
▪ What is Splunk?
▪ Intro to Splunk
▪ Overview of Splunk UBA
Or the following courses:
▪ Fundamentals 1
▪ Overview of Splunk UBA
▪ Fundamentals 2 (recommended)
Students should also understand the following courses:
▪ Using Splunk Enterprise Security (recommended)

Course Format
eLearning

Course Objectives

Module 1 – Splunk UBA Overview
▪ What is Splunk UBA?
▪ Why Splunk UBA?
▪ How does UBA work with Splunk?
▪ What is the role of Machine Learning?
▪ Distributed Deployment architecture
▪ Scaling UBA deployments
▪ Splunk UBA data flow

Module 2 – Starting with Splunk UBA
▪ Key Indicators
▪ Investigative workflows
▪ Homepage Dashboard Panels

Module 3 – The Analyst Workflow
▪ What is a SOC Analyst?
▪ Working with Incidents
▪ Starting with Threats
▪ Investigating Threats
▪ Threat Watchlists
▪ Closing Threats

Module 4 – The Hunter Workflow
▪ What is a Threat Hunter?
▪ Anomalies in Splunk UBA
▪ Working with Anomalies
▪ Anomaly Watchlists
▪ Anomaly Action Rules
▪ Users Table

Module 5 – Reviewing current User activity
▪ Starting with Users Review
▪ Adding Users to Watchlists

Module 6 – Investigating and Monitoring Domains
▪ Domain association in Anomalies
▪ Domain Watchlists

Module 7 – Conclusion

About Splunk Education
Splunk classes are designed for specific roles such as Splunk Administrator, Developer, User, Knowledge Manager, or Architect.

Certification Tracks
Our certification tracks provide comprehensive education for Splunk customer and partner personnel according to their areas of responsibility.

To view all Splunk Education's course offerings, or to register for a course, go to http://www.splunk.com/education

To contact us, email Education_AMER@splunk.com

Splunk, Inc.
270 Brannan St. San Francisco, CA 94107
+1 866.GET.SPLUNK (1 866.438.7758)
Contact sales

Splunk Education Services
