Advanced Threat Hunting with Splunk

Advanced Threat Hunting

Advanced Threat Hunting with Splunk – When it comes to log analysis Splunk is one the most popular enterprise-grade solutions in the field today. It can pull logs from nearly any device in the network, and it can integrate with most of the popular security products on the market. In the InfoSec field today Splunk is a common tool for what called Cyber Threat Hunting/Hunt Teaming/Malware Hunting/Defensive Cyber Operations (DCO)/Cyber Threat Analysis and many other names.

 

As popular as Splunk is – surprisingly few people are comfortable performing security event analysis with it. We decided to develop a Hands-on Splunk course designed specifically for InfoSec Professionals that want to do HANDS-ON DEEP TECHNICAL SECURITY ANALYSIS with Splunk.

 

Class Syllabus

Module 1: Deploying Splunk, configuring logging and forwarding

  • Installing Splunk
  • Configuring logging in Windows and Linux
  • Setting up log forwarding
  • Understanding how Windows Event logging works

Advanced Threat hunting

 

Module 2: Attacking Servers and Workstations

  • Learning attacker tools/tactics/procedures (TTPs)
  • Generating real-world security events to analyze
  • Attacking Workstations
  • Attacking Application Servers
  • Learning what types of security events generate log events
  • Writing basic queries for common attacks
  • Analyzing PCAP files with Splunk

Advanced Threat hunting

 

 

Module 3: Hunting with Splunk

  • Data-Centric vs End-Point Hunting
  • Understanding IOCs/IOAs
  • Indicators of Compromise (IOCs)
  • Indicators of Attack (IOAs)
  • Integrating data from popular security products
  • Writing complex queries
  • Detecting Zero-Day attacks

Advanced Threat hunting

 

Who is this class for?

IT System Administrators, IT Security Professionals, SOC Analysts, First Responders, Incident Handlers, Intrusion Analysts, Malware Analysts

 

 

Class pre-requisites

Students should be familiar with using Windows and Linux operating environments and be able to troubleshoot general connectivity and setup issues.

Students should be familiar with VMware Workstation and be able to create and configure virtual machines.

Students are recommended to have a high-level understanding of key programming concepts, such as variables, loops, and functions; however, no programming experience is necessary.

Students will be provided with detailed courseware, detailed lab manuals, and copy/paste notes so that even if a student is not very strong technically they will be able to complete the lab exercises and take notes effectively.

 

Class Schedule

May 7th & 9th, 7:00 pm EST – 9:00 pm EST

 

Class Delivery Method

Live-online instructor-led

 

NOTE:

Online students will be given access to VMWare virtual machines to download for the class and the previous version of the Splunk course as well. A new updated version of the courseware will be delivered on the first day of class

 

Students will receive

  • 24 hours of CPEs
  • Several virtual machines
  • Courseware slides
  • Lab manual

Videos

Each class will be recorded and made available to the students via email. So you can keep up with the class even if you have to miss time or even a whole day.

Support

Students can request help via email based trouble ticketing system (allow 24 hours for a response). Send all questions/concerns to [email protected]

Class Cost: $200

The class cost is regularly $500, but you can get it for $200 if you sign up before April 20th.

Fill out this form to sign up for the class.

$200.00Select options

 

Unlimited classes:

If you know that you are interested in this class as well as other InfoSec classes then you should consider the unlimited classes package for $49.99 per month. You can find out more about it by clicking on the link below:

https://infosecaddicts.com/unlimited-classes/

 

NOTE: Due to Joe McCray’s travel and work schedule (ex: short notice consulting/training engagements or changes to those engagements) classes may reschedule or cancel. In these situations a refund will NOT be granted as the class will re-run the following week, or additional days will be added to the class schedule to make up for this.

This post was written by Joseph McCray

2 thoughts on “Advanced Threat Hunting with Splunk

    1. Hello Cynthia, this class happens again on April 23rd & 25th, 7:00 pm EST – 9:00 pm EST so sign up now. Regards.

Leave a Reply

Your email address will not be published. Required fields are marked *