In the modern cyber security landscape, detecting and responding to cyber threats is critical to protecting organisational assets and data. This comprehensive course, “Mastering Splunk For SOC Analysts” provides learners with in-depth knowledge of Splunk’s Security Information and Event Management (SIEM) capabilities and equips them with the skills to investigate and respond to cyber attacks effectively.
- Foundational Understanding of Splunk SIEM: Explore the architecture, core functionalities, and operational benefits of Splunk as a SIEM solution.
- Real-World Cyber Threats: Learn how Splunk detects threats like phishing, malware, insider threats, and data exfiltration.
- Hands-On Investigations: Dive into practical scenarios, including log analysis, threat correlation, and incident triage. Scenarios presented in this course use BOTSV1, BOTSV2 & BOTSV3 datasets which can be found directly by accessing the below rooms in TryHackMe:
- – TryHackMe Splunk 2
- – TryHackMe Splunk 3
- – TryHackMe Incident Handling with Splunk
Learning Objectives:
By the end of this course, participants will be able to:
- Navigate Splunk’s interface to analyze security logs and events.
- Set up and configure dashboards for real-time monitoring of cyber threats.
- Investigate security incidents using Splunk’s search and visualization tools.
- Perform root cause analysis of cyberattacks, from initial compromise to data exfiltration.
Target Audience:
- Cybersecurity Analysts and Engineers
- SOC (Security Operations Center) Professionals
- IT Security Managers
- Anyone with a foundational understanding of cybersecurity looking to master Splunk