{"course":{"productid":35273,"modality":1,"active":true,"language":"fr","title":"SOC Essentials: Investigating and Threat Hunting","productcode":"SEITH","vendorcode":"SP","vendorname":"Splunk","fullproductcode":"SP-SEITH","courseware":{"has_ekit":false,"has_printkit":true,"language":""},"url":"https:\/\/portal.flane.ch\/course\/splunk-seith","objective":"<p>At the end of this course you should be able to:\n<\/p>\n<ul>\n<li>Describe SIEM best practices and basic operation concepts of Splunk Enterprise Security, including the interaction between CIM, Data Models, and acceleration, and common CIM fields that may be used in investigations.<\/li><li>Carry out a typical triage and investigation process using Splunk Enterprise Security.<\/li><li>Describe the purpose of the Asset and Identity, and Threat Intelligence frameworks in ES.<\/li><li>Define Splunk ES elements like Notable Event, Risk Notable, Adaptive Response Action, Risk Object, and Contributing Events.<\/li><li>Identify common built-in dashboards in Enterprise Security and the basic information they contain.<\/li><li>Explain the use of SOAR playbooks and list the basic ways they can be triggered from Enterprise Security.<\/li><li>Explain the essentials of Risk-based Alerting and the Risk framework.<\/li><li>List the common high-level steps of threat hunting using the PEAK framework and practice some common steps of hypothesis hunting with Splunk.<\/li><\/ul>","essentials":"<p>To be successful, students should have a working understanding of the topics covered in the Intro to Splunk course as well as a basic understanding of common cyber technologies and concepts including:\n<\/p>\n<ul>\n<li>Networking concepts and common security tools<\/li><li>Common Operating Systems like Windows and Linux<\/li><\/ul>","outline":"<h4>Introduction<\/h4><ul>\n<li>The CyberSecurity Defense Analyst<\/li><li>CIM, Data Models and Correlation Refresh<\/li><li>Lab 1: Introducing the environment<\/li><\/ul><h4>Splunk Enterprise Security (ES) for Analysts<\/h4><ul>\n<li>What is SIEM again?<\/li><li>Asset &amp; Identity Framework<\/li><li>Threat Intelligence Framework<\/li><li>Notable Event Framework Adaptive Response Framework<\/li><li>Incident Investigation Management in Splunk ES<\/li><li>Lab 2: Pick up an Investigation<\/li><\/ul><h4>Risk Analysis Framework<\/h4><ul>\n<li>Overview<\/li><li>Lab 3: Continue your investigation with RBA<\/li><\/ul><h4>Working with Splunk SOAR<\/h4><ul>\n<li>Introducing Splunk SOAR<\/li><li>Lab 4: Splunk SOAR practice<\/li><\/ul><h4>Threat Hunting with PEAK<\/h4><ul>\n<li>PEAK Overview<\/li><li>Lab 5: Threat Hunting Hands-on<\/li><\/ul><h4>Challenge Lab<\/h4><ul>\n<li>Lab 6: Run your own investigation<\/li><\/ul>","summary":"<p>In this course you will learn and practice how to conduct investigations using Splunk Enterprise Security features, including Risk Based Alerting, through best practices shared by our security champions, and practice some common tasks using Splunk SOAR.<\/p>\n<p>You will also learn about the PEAK Threat Hunting framework and will apply its basic concepts in a hypothesis-driven threat-hunting exercise.<\/p>\n<p>This course is part of a learning path that can help learners prepare for the role of a SOC Analyst and for the Splunk Certified Cybersecurity Defense Analyst.<\/p>\n<p>This course is scheduled with 4,5 hours on 2 days.<\/p>","objective_plain":"At the end of this course you should be able to:\n\n\n\n- Describe SIEM best practices and basic operation concepts of Splunk Enterprise Security, including the interaction between CIM, Data Models, and acceleration, and common CIM fields that may be used in investigations.\n- Carry out a typical triage and investigation process using Splunk Enterprise Security.\n- Describe the purpose of the Asset and Identity, and Threat Intelligence frameworks in ES.\n- Define Splunk ES elements like Notable Event, Risk Notable, Adaptive Response Action, Risk Object, and Contributing Events.\n- Identify common built-in dashboards in Enterprise Security and the basic information they contain.\n- Explain the use of SOAR playbooks and list the basic ways they can be triggered from Enterprise Security.\n- Explain the essentials of Risk-based Alerting and the Risk framework.\n- List the common high-level steps of threat hunting using the PEAK framework and practice some common steps of hypothesis hunting with Splunk.","essentials_plain":"To be successful, students should have a working understanding of the topics covered in the Intro to Splunk course as well as a basic understanding of common cyber technologies and concepts including:\n\n\n\n- Networking concepts and common security tools\n- Common Operating Systems like Windows and Linux","outline_plain":"Introduction\n\n\n- The CyberSecurity Defense Analyst\n- CIM, Data Models and Correlation Refresh\n- Lab 1: Introducing the environment\nSplunk Enterprise Security (ES) for Analysts\n\n\n- What is SIEM again?\n- Asset & Identity Framework\n- Threat Intelligence Framework\n- Notable Event Framework Adaptive Response Framework\n- Incident Investigation Management in Splunk ES\n- Lab 2: Pick up an Investigation\nRisk Analysis Framework\n\n\n- Overview\n- Lab 3: Continue your investigation with RBA\nWorking with Splunk SOAR\n\n\n- Introducing Splunk SOAR\n- Lab 4: Splunk SOAR practice\nThreat Hunting with PEAK\n\n\n- PEAK Overview\n- Lab 5: Threat Hunting Hands-on\nChallenge Lab\n\n\n- Lab 6: Run your own investigation","summary_plain":"In this course you will learn and practice how to conduct investigations using Splunk Enterprise Security features, including Risk Based Alerting, through best practices shared by our security champions, and practice some common tasks using Splunk SOAR.\n\nYou will also learn about the PEAK Threat Hunting framework and will apply its basic concepts in a hypothesis-driven threat-hunting exercise.\n\nThis course is part of a learning path that can help learners prepare for the role of a SOC Analyst and for the Splunk Certified Cybersecurity Defense Analyst.\n\nThis course is scheduled with 4,5 hours on 2 days.","skill_level":"Beginner","version":"6.4.1","duration":{"unit":"d","value":0,"formatted":"9 heures"},"pricelist":{"List Price":{"US":{"country":"US","currency":"USD","taxrate":null,"price":1000},"SI":{"country":"SI","currency":"EUR","taxrate":20,"price":1000},"GB":{"country":"GB","currency":"GBP","taxrate":20,"price":835},"PL":{"country":"PL","currency":"USD","taxrate":23,"price":1000},"DE":{"country":"DE","currency":"EUR","taxrate":19,"price":1000},"CA":{"country":"CA","currency":"CAD","taxrate":null,"price":1380},"CH":{"country":"CH","currency":"CHF","taxrate":8.1,"price":1100},"FR":{"country":"FR","currency":"EUR","taxrate":19.6,"price":1000}}},"lastchanged":"2026-03-12T11:17:52+01:00","parenturl":"https:\/\/portal.flane.ch\/swisscom\/fr\/json-courses","nexturl_course_schedule":"https:\/\/portal.flane.ch\/swisscom\/fr\/json-course-schedule\/35273","source_lang":"fr","source":"https:\/\/portal.flane.ch\/swisscom\/fr\/json-course\/splunk-seith"}}