Mastering Splunk: A Comprehensive Guide (W50) - Pentestmag

DURATION: 3 hours

CPE POINTS: On completion you get a certificate granting you 3 CPE points.

Course launch date: May 8th, 2023


"Mastering Splunk: A Comprehensive Guide" is a comprehensive and hands-on course that covers all aspects of the Splunk platform, from the fundamentals to advanced topics. The course is designed to provide students with the knowledge and skills to effectively use Splunk to analyze and visualize data in their personal and professional lives. With the increasing amount of data generated, it is becoming more important for professionals to be able to effectively analyze this data, making this course both important and relevant. The course includes hands-on exercises and lab building, making it a valuable learning experience for anyone looking to master Splunk.


Who is this course for?

This course is intended for IT professionals, data analysts, and anyone who wants to gain a deeper understanding of Splunk and its capabilities.

Why take it NOW?

Now is a great time to learn this topic because as organizations are generating more and more data, the ability to effectively analyze and visualize this data is becoming increasingly critical. Splunk is a powerful tool that can help organizations to make sense of their data and gain valuable insights.

Why this course?

Reasons why students should be eager to learn Splunk:

  • It provides data analysis and visualization skills that are widely used across industries and can open up career opportunities.
  • Its hands-on approach, with real-world case studies and lab exercises, lets students apply what they learn to their own work and gain practical experience.
  • Learning Splunk can improve the performance and security of systems and networks and yield valuable insights into data.
  • These skills are extremely valuable in today's data-driven world, where organizations generate ever more data that must be analyzed to make informed decisions.

Course benefits:

What skills will you gain?

The students will be able to add the following "superpowers" to their resume:

  • Experience with large data analysis and visualization using Splunk
  • Expertise in using Splunk's search language to filter and analyze data
  • Ability to create and manage indexes, visualizations and dashboards in Splunk
  • Experience with creating saved searches and alerts in Splunk
  • Knowledge of data analysis and data visualization best practices.

What will you learn about?

After the course, students will know:

  • The basics of Splunk and its architecture
  • How to navigate the Splunk interface
  • How to create and manage indexes
  • How to perform basic and advanced searches
  • How to create custom visualizations
  • How to build dashboards
  • How to create correlation rules

The students will learn new ways or frameworks of thinking:

  • How to analyze and visualize large sets of data using Splunk
  • How to effectively search and filter data in Splunk

What tools will you use?

The course will primarily use Splunk software as the main tool for data analysis and visualization. Additionally, the course will also make use of Amazon Web Services (AWS) cloud infrastructure as a platform for running lab exercises and hands-on projects.


Course general information:

Course format:

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text
  • All videos captioned

What will you need?

In order to take the course, students will need the following hardware and software:

  • A computer with internet access
  • A web browser
  • An AWS account (or access to one)
  • A Splunk license (or access to a Splunk instance)
  • AWS CLI

What should you know before you join?

Before joining the course, it would be beneficial for students to have:

  • Familiarity with basic computer usage and navigation
  • Basic knowledge of SQL

YOUR INSTRUCTOR - Afshan Naqvi

Afshan is a seasoned professional who excels in both the security industry and education sector. With hands-on experience as an OSINT analyst at a reputable Israeli firm, she brings a wealth of practical knowledge to the course. In addition to this, Afshan is an instructor at Securzy.io and SOC Experts, where she shares her expertise and passion for the subject with students. On top of all that, she runs a YouTube channel called AFS Hackers Academy, where she shares her insights and knowledge with a wider audience. With a passion for both the technical and teaching aspects of security, she is the perfect guide to lead you on your journey to becoming a Splunk pro.


COURSE SYLLABUS


Module 0

Before the Course

Here's what we will include in the course introduction:

  • Overview of the Course: A brief overview of what the course will cover, what students will learn, and what they can expect.
  • Course Outcomes: A clear definition of the objectives and outcomes of the course, and what students will be able to do after completing it.
  • Instructor Introduction: Introduce myself, my background, and why I’m qualified to teach the course.
  • Prerequisites: What students need to know and have before starting the course.
  • Course Structure: Explain the course structure, including the modules, lessons, and assessments.
  • Course Content: Provide an overview of the course content, including the topics that will be covered and the format of each lesson.
  • Technical Requirements: Provide a list of technical requirements for the course, such as software and hardware needed to participate.

Module 1

Introduction to log analysis

This module serves as the starting point for students who are new to log analysis and Splunk, providing an overview of log analysis and the importance of log data.

The module is designed to give students a solid foundation in the basics of log analysis and Splunk, preparing them for the more advanced modules in the course. Through interactive lectures, hands-on exercises, and real-world examples, students will learn about the different types of log data and the benefits of using Splunk for log analysis. By the end of this module, students will have a clear understanding of the fundamentals of log analysis and be ready to dive deeper into the world of Splunk.

Module 1 covered topics:

  • What is raw log analysis?
  • Why are we trying to read logs?
  • Why should Security Analysts know log analysis?
  • Why do we need logs? Why do we store them?
  • How to perform log analysis
  • Practical example of reading logs [I’m planning to add the Palo Alto FW and AD server logs for this demo.]

Module 1 exercises:

  • MCQ Quiz

Module 2

Introduction to Splunk and Its Components

An introduction to Splunk is critical to understanding the theme of the course: it provides a foundation for the modules that follow, it is interesting because of the power of the platform, and it is useful for anyone looking to become proficient in Splunk.

Module 2 covered topics:

  • What is a SIEM and why is it important?
  • SIEM characteristics.
  • Overview of Splunk: what it is and how it works.
  • Splunk Architecture: understanding the components of Splunk.
  • Different sources of logs.

Module 2 exercises:

  • MCQ Quiz

Module 3

Building the Splunk Lab

This module provides hands-on experience in setting up and using Splunk in a lab environment. It is designed to help students gain a deeper understanding of Splunk's capabilities by building and testing real-world scenarios.

Setting up the lab is essential because all the other modules in the course build upon this one.

Module 3 covered topics:

  • Create an AWS account for the lab
  • Launch a Windows server in AWS
  • Configure the AD server in AWS
  • Launch a Linux server in AWS
  • How to Install Splunk on a server
  • How to onboard AD server logs to Splunk
  • How to onboard web server logs to Splunk

Module 3 exercises:

  • Students will have to build their own lab

Module 4

Introduction to Splunk Search Queries

This module covers the core concepts of Splunk search syntax, fields, and basic search commands. The module also covers how to filter, sort and format search results to extract meaningful insights from the data. It is intended for individuals who are new to Splunk and wish to learn the basics of searching and analyzing data with the platform.

In order to effectively use Splunk, individuals must have a strong understanding of basic search concepts and commands. By studying this topic, students will be able to perform data analysis and extract meaningful insights from their data.

Module 4 covered topics:

  • Basic search syntax and query structure
  • Understanding Splunk fields and field extraction
  • Overview of Splunk search commands and their usage
  • Time range selection and time-based searches
  • Saving and sharing search results.

Here's the list of commands:

  • search
  • sort
  • fields
  • table
  • timechart
  • stats
  • rename
  • where
  • top
  • limit

Module 4 exercises:

  • Splunk queries

Module 5

Splunk Advanced Search Queries

This module builds upon the foundation provided in the "Introduction to Splunk Search Queries" module and expands students' knowledge and skills in the platform.

In order to effectively use Splunk, individuals must have a strong understanding of advanced search concepts and commands. By studying this topic, students will be able to perform advanced data analysis and extract meaningful insights from their data.

Module 5 covered topics:

This module will cover the following commands:

  • join
  • dedup
  • transaction
  • streamstats
  • timepick
  • aggregate

Module 5 exercises:

  • Splunk queries

Module 6

Creating Effective Splunk Reports: Techniques and Best Practices

This topic is important to study because the ability to effectively visualize data is a crucial component of data analysis. Splunk reports provide a means of presenting data in a clear and concise manner, enabling individuals to make informed decisions based on their data. By studying this topic, students will be able to create reports that effectively communicate insights and drive data-driven decision-making.

Module 6 covered topics:

  • Overview of Splunk Reports: An introduction to the concept of Splunk reports, including their purpose and key benefits.
  • Splunk Report Types: A review of the different types of Splunk reports, including chart reports, summary reports, and custom reports.
  • Data Visualization Techniques: An exploration of best practices for visualizing data, including the use of colors, labels, and chart types.
  • Report Design Principles: A discussion of the key design principles for creating effective Splunk reports, including layout, readability, and usability.
  • Creating Custom Reports: A hands-on demonstration of the process of creating custom Splunk reports, including the use of advanced search commands and data manipulation techniques.

Module 6 exercises:

  • Creating a Splunk Chart Report

Module 7

Introduction to Splunk Dashboard

The "Splunk Dashboard" module is a crucial component of any course focused on data analysis and visualization with Splunk, as it gives students the opportunity to develop their data analysis and presentation skills and to apply them in real-world scenarios.

Module 7 covered topics:

  • Introduction to Splunk Dashboards: An overview of the purpose and benefits of using Splunk dashboards, including real-world use cases and examples.
  • Creating Dashboard Panels: A hands-on demonstration of the process of creating dashboard panels, including the use of search commands and data visualization techniques.
  • Customizing Dashboard Panels: An exploration of the options for customizing dashboard panels, including the use of different panel types, colors, and styles.

Module 7 exercises:

  • Creating a Splunk dashboard that visualizes web server logs

Module 8

Introduction to Splunk License

Splunk licensing is a critical component of any Splunk deployment, and understanding the licensing model is necessary in order to effectively manage and optimize Splunk licenses. This understanding is essential for any administrator or manager responsible for the management and deployment of Splunk. By studying this topic, students will be equipped with the knowledge and skills necessary to manage their Splunk licenses and ensure that their deployments are properly licensed and optimized.

Module 8 covered topics:

  • Overview of the Splunk Licensing Model
  • Understanding the Splunk Indexing Volume
  • Licensing Types

Module 8 exercises:

  • MCQ Quiz

Module 9

Introduction to Splunk Correlation Rules

This is an important module to include in the study of Splunk, as it teaches advanced techniques for identifying and mitigating security threats using the platform. Security threats are constantly evolving, and organizations need to stay ahead of potential attacks by detecting them early. Understanding how to create and implement correlation rules in Splunk allows organizations to better protect their systems and data.

This module is useful as it provides hands-on learning experiences to help students understand the steps involved in creating correlation rules, testing and validating the rules, then integrating them into the organization's security operations. By completing this module, students will have the knowledge and skills to implement advanced threat detection techniques using Splunk.

Module 9 covered topics:

  • Overview of Splunk correlation rules
  • Types of correlation rules
  • Use cases for correlation rules
  • Create a custom correlation rule [Demo]

Contact

Questions? Reach out to us at [email protected].


© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023