{"course":{"productid":26214,"modality":1,"active":true,"language":"fr","title":"Using Splunk Enterprise Security","productcode":"USES","vendorcode":"SP","vendorname":"Splunk","fullproductcode":"SP-USES","courseware":{"has_ekit":false,"has_printkit":true,"language":""},"url":"https:\/\/portal.flane.ch\/course\/splunk-uses","objective":"<ul>\n<li>ES concepts, features, and capabilities<\/li><li>Security monitoring and Incident investigation<\/li><li>Use risk-based alerting and risk analysis<\/li><li>Assets and identities overview<\/li><li>Creating investigations and using the Investigation Workbench<\/li><li>Detecting known types of threats<\/li><li>Monitoring for new types of threats<\/li><li>Using analytical tools and dashboards<\/li><li>Analyze user behavior for insider threats<\/li><li>Use threat intelligence tools<\/li><li>Use protocol intelligence<\/li><\/ul>","essentials":"<p>To be successful, students should have a solid understanding of the following courses:<\/p>\n<ul>\n<li>Intro to Splunk<\/li><li><span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/fr\/product\/splunk-its\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Intro to Splunk <span class=\"fl-prod-pcode\">(ITS)<\/span><\/a><\/span><\/li><li><span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/fr\/course\/splunk-suf\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Using Fields <span class=\"fl-prod-pcode\">(SUF)<\/span><\/a><\/span><\/li><li><span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/fr\/product\/splunk-svz\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Visualizations <span class=\"fl-prod-pcode\">(SVZ)<\/span><\/a><\/span><\/li><li><span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/fr\/product\/splunk-suh\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Search Under the Hood <span class=\"fl-prod-pcode\">(SUH)<\/span><\/a><\/span><\/li><li><span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/fr\/product\/splunk-iko\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Intro to Knowledge Objects <span class=\"fl-prod-pcode\">(IKO)<\/span><\/a><\/span><\/li><li><span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/fr\/course\/splunk-itd\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Introduction to Dashboards <span class=\"fl-prod-pcode\">(ITD)<\/span><\/a><\/span><\/li><\/ul>","contents":"<p><strong>Module 1 - Getting Started with ES<\/strong>\n<\/p>\n<ul>\n<li>Describe the features and capabilities of Splunk Enterprise Security (ES)<\/li><li>Explain how ES helps security practitioners prevent, detect, and respond to threats<\/li><li>Describe correlation searches, data models and notable events<\/li><li>Describe user roles in ES<\/li><li>Log into Splunk Web and access Splunk for Enterprise Security<\/li><\/ul><p><strong>Module 2 - Security Monitoring and Incident Investigation<\/strong>\n<\/p>\n<ul>\n<li>Use the Security Posture dashboard to monitor ES status<\/li><li>Use the Incident Review dashboard to investigate notable events<\/li><li>Take ownership of an incident and move it through the investigation workflow<\/li><li>Create notable events<\/li><li>Suppress notable events<\/li><\/ul><p><strong>Module 3 &ndash; Risk-Based Alerting<\/strong>\n<\/p>\n<ul>\n<li>Give an overview of Risk-Based Alerting<\/li><li>View Risk Notables and risk information on the Incident Review dashboard<\/li><li>Explain risk scores and how to change an object&#039;s risk score<\/li><li>Review the Risk Analysis dashboard<\/li><li>Describe annotations<\/li><li>Describe the process for retrieving LDAP data for an asset or identity lookup<\/li><\/ul><p><strong>Module 4 &ndash; Assets &amp; Identities<\/strong>\n<\/p>\n<ul>\n<li>Give an overview of the ES Assets and Identities framework<\/li><li>Show examples where asset or identity data is missing from ES dashboards or notable events<\/li><li>View the Asset &amp; Identity Management Interface<\/li><li>View the contents of an asset or identity lookup table<\/li><\/ul><p><strong>Module 5 &ndash; Investigations<\/strong>\n<\/p>\n<ul>\n<li>Use investigations to manage incident response activity<\/li><li>Use the investigation workbench to manage, visualize and coordinate incident investigations<\/li><li>Add various items to investigations (notes, action history, collaborators, events, assets, identities, files and URLs)<\/li><li>Use investigation timelines, lists and summaries to document and review breach analysis and mitigation efforts<\/li><\/ul><p><strong>Module 6 &ndash; Security Domain Dashboards<\/strong>\n<\/p>\n<ul>\n<li>Describe the ES security domains<\/li><li>Use the Security Domain dashboards to troubleshoot various security threats<\/li><li>Learn how to launch the Security Domain dashboards from Incidents Review and from a notable event Action menu<\/li><\/ul><p><strong>Module 7 &ndash; User Intelligence<\/strong>\n<\/p>\n<ul>\n<li>Understand and use user activity analysis<\/li><li>Use investigators to analyze events related to an asset or identity<\/li><li>Use access anomalies to detect suspicious access patterns<\/li><\/ul><p><strong>Module 8 &ndash; Web Intelligence<\/strong>\n<\/p>\n<ul>\n<li>Use the web intelligence dashboards to analyze your network environment<\/li><li>Filter and highlight events<\/li><\/ul><p><strong>Module 9 &ndash; Threat Intelligence<\/strong>\n<\/p>\n<ul>\n<li>Give an overview of the Threat Intelligence framework and how threat intel is configured in ES<\/li><li>Use the Threat Activity dashboard to see which threat sources are interacting with your environment<\/li><li>Use the Threat Artifacts dashboard to examine the status of threat intelligence information in your environment<\/li><\/ul><p><strong>Module 10 &ndash; Protocol Intelligence<\/strong>\n<\/p>\n<ul>\n<li>Explain how network data is input into Splunk events<\/li><li>Describe stream events<\/li><li>Give an overview of the Protocol Intelligence dashboards and how they can be used to analyze network data<\/li><\/ul>","outline":"<p><strong>Module 1 - Getting Started with ES<\/strong>\n<\/p>\n<ul>\n<li>Describe the features and capabilities of Splunk Enterprise Security (ES)<\/li><li>Explain how ES helps security practitioners prevent, detect, and respond to threats<\/li><li>Describe correlation searches, data models and notable events<\/li><li>Describe user roles in ES<\/li><li>Log into Splunk Web and access Splunk for Enterprise Security<\/li><\/ul><p><strong>Module 2 - Security Monitoring and Incident Investigation<\/strong>\n<\/p>\n<ul>\n<li>Use the Security Posture dashboard to monitor ES status<\/li><li>Use the Incident Review dashboard to investigate notable events<\/li><li>Take ownership of an incident and move it through the investigation workflow<\/li><li>Create notable events<\/li><li>Suppress notable events<\/li><\/ul><p><strong>Module 3 &ndash; Risk-Based Alerting<\/strong>\n<\/p>\n<ul>\n<li>Give an overview of Risk-Based Alerting<\/li><li>View Risk Notables and risk information on the Incident Review dashboard<\/li><li>Explain risk scores and how to change an object&#039;s risk score<\/li><li>Review the Risk Analysis dashboard<\/li><li>Describe annotations<\/li><li>Describe the process for retrieving LDAP data for an asset or identity lookup<\/li><\/ul><p><strong>Module 4 &ndash; Assets &amp; Identities<\/strong>\n<\/p>\n<ul>\n<li>Give an overview of the ES Assets and Identities framework<\/li><li>Show examples where asset or identity data is missing from ES dashboards or notable events<\/li><li>View the Asset &amp; Identity Management Interface<\/li><li>View the contents of an asset or identity lookup table<\/li><\/ul><p><strong>Module 5 &ndash; Investigations<\/strong>\n<\/p>\n<ul>\n<li>Use investigations to manage incident response activity<\/li><li>Use the investigation workbench to manage, visualize and coordinate incident investigations<\/li><li>Add various items to investigations (notes, action history, collaborators, events, assets, identities, files and URLs)<\/li><li>Use investigation timelines, lists and summaries to document and review breach analysis and mitigation efforts<\/li><\/ul><p><strong>Module 6 &ndash; Security Domain Dashboards<\/strong>\n<\/p>\n<ul>\n<li>Describe the ES security domains<\/li><li>Use the Security Domain dashboards to troubleshoot various security threats<\/li><li>Learn how to launch the Security Domain dashboards from Incidents Review and from a notable event Action menu<\/li><\/ul><p><strong>Module 7 &ndash; User Intelligence<\/strong>\n<\/p>\n<ul>\n<li>Understand and use user activity analysis<\/li><li>Use investigators to analyze events related to an asset or identity<\/li><li>Use access anomalies to detect suspicious access patterns<\/li><\/ul><p><strong>Module 8 &ndash; Web Intelligence<\/strong>\n<\/p>\n<ul>\n<li>Use the web intelligence dashboards to analyze your network environment<\/li><li>Filter and highlight events<\/li><\/ul><p><strong>Module 9 &ndash; Threat Intelligence<\/strong>\n<\/p>\n<ul>\n<li>Give an overview of the Threat Intelligence framework and how threat intel is configured in ES<\/li><li>Use the Threat Activity dashboard to see which threat sources are interacting with your environment<\/li><li>Use the Threat Artifacts dashboard to examine the status of threat intelligence information in your environment<\/li><\/ul><p><strong>Module 10 &ndash; Protocol Intelligence<\/strong>\n<\/p>\n<ul>\n<li>Explain how network data is input into Splunk events<\/li><li>Describe stream events<\/li><li>Give an overview of the Protocol Intelligence dashboards and how they can be used to analyze network data<\/li><\/ul>","summary":"<p>This 13.5-hour module prepares security practitioners to use Splunk Enterprise Security (ES). Students identify and track incidents, analyze security risks, use predictive analytics, and discover threats.<\/p>","objective_plain":"- ES concepts, features, and capabilities\n- Security monitoring and Incident investigation\n- Use risk-based alerting and risk analysis\n- Assets and identities overview\n- Creating investigations and using the Investigation Workbench\n- Detecting known types of threats\n- Monitoring for new types of threats\n- Using analytical tools and dashboards\n- Analyze user behavior for insider threats\n- Use threat intelligence tools\n- Use protocol intelligence","essentials_plain":"To be successful, students should have a solid understanding of the following courses:\n\n\n- Intro to Splunk\n- Intro to Splunk (ITS)\n- Using Fields (SUF)\n- Visualizations (SVZ)\n- Search Under the Hood (SUH)\n- Intro to Knowledge Objects (IKO)\n- Introduction to Dashboards (ITD)","contents_plain":"Module 1 - Getting Started with ES\n\n\n\n- Describe the features and capabilities of Splunk Enterprise Security (ES)\n- Explain how ES helps security practitioners prevent, detect, and respond to threats\n- Describe correlation searches, data models and notable events\n- Describe user roles in ES\n- Log into Splunk Web and access Splunk for Enterprise Security\nModule 2 - Security Monitoring and Incident Investigation\n\n\n\n- Use the Security Posture dashboard to monitor ES status\n- Use the Incident Review dashboard to investigate notable events\n- Take ownership of an incident and move it through the investigation workflow\n- Create notable events\n- Suppress notable events\nModule 3 \u2013 Risk-Based Alerting\n\n\n\n- Give an overview of Risk-Based Alerting\n- View Risk Notables and risk information on the Incident Review dashboard\n- Explain risk scores and how to change an object's risk score\n- Review the Risk Analysis dashboard\n- Describe annotations\n- Describe the process for retrieving LDAP data for an asset or identity lookup\nModule 4 \u2013 Assets & Identities\n\n\n\n- Give an overview of the ES Assets and Identities framework\n- Show examples where asset or identity data is missing from ES dashboards or notable events\n- View the Asset & Identity Management Interface\n- View the contents of an asset or identity lookup table\nModule 5 \u2013 Investigations\n\n\n\n- Use investigations to manage incident response activity\n- Use the investigation workbench to manage, visualize and coordinate incident investigations\n- Add various items to investigations (notes, action history, collaborators, events, assets, identities, files and URLs)\n- Use investigation timelines, lists and summaries to document and review breach analysis and mitigation efforts\nModule 6 \u2013 Security Domain Dashboards\n\n\n\n- Describe the ES security domains\n- Use the Security Domain dashboards to troubleshoot various security threats\n- Learn how to launch the Security Domain dashboards from Incidents Review and from a notable event Action menu\nModule 7 \u2013 User Intelligence\n\n\n\n- Understand and use user activity analysis\n- Use investigators to analyze events related to an asset or identity\n- Use access anomalies to detect suspicious access patterns\nModule 8 \u2013 Web Intelligence\n\n\n\n- Use the web intelligence dashboards to analyze your network environment\n- Filter and highlight events\nModule 9 \u2013 Threat Intelligence\n\n\n\n- Give an overview of the Threat Intelligence framework and how threat intel is configured in ES\n- Use the Threat Activity dashboard to see which threat sources are interacting with your environment\n- Use the Threat Artifacts dashboard to examine the status of threat intelligence information in your environment\nModule 10 \u2013 Protocol Intelligence\n\n\n\n- Explain how network data is input into Splunk events\n- Describe stream events\n- Give an overview of the Protocol Intelligence dashboards and how they can be used to analyze network data","outline_plain":"Module 1 - Getting Started with ES\n\n\n\n- Describe the features and capabilities of Splunk Enterprise Security (ES)\n- Explain how ES helps security practitioners prevent, detect, and respond to threats\n- Describe correlation searches, data models and notable events\n- Describe user roles in ES\n- Log into Splunk Web and access Splunk for Enterprise Security\nModule 2 - Security Monitoring and Incident Investigation\n\n\n\n- Use the Security Posture dashboard to monitor ES status\n- Use the Incident Review dashboard to investigate notable events\n- Take ownership of an incident and move it through the investigation workflow\n- Create notable events\n- Suppress notable events\nModule 3 \u2013 Risk-Based Alerting\n\n\n\n- Give an overview of Risk-Based Alerting\n- View Risk Notables and risk information on the Incident Review dashboard\n- Explain risk scores and how to change an object's risk score\n- Review the Risk Analysis dashboard\n- Describe annotations\n- Describe the process for retrieving LDAP data for an asset or identity lookup\nModule 4 \u2013 Assets & Identities\n\n\n\n- Give an overview of the ES Assets and Identities framework\n- Show examples where asset or identity data is missing from ES dashboards or notable events\n- View the Asset & Identity Management Interface\n- View the contents of an asset or identity lookup table\nModule 5 \u2013 Investigations\n\n\n\n- Use investigations to manage incident response activity\n- Use the investigation workbench to manage, visualize and coordinate incident investigations\n- Add various items to investigations (notes, action history, collaborators, events, assets, identities, files and URLs)\n- Use investigation timelines, lists and summaries to document and review breach analysis and mitigation efforts\nModule 6 \u2013 Security Domain Dashboards\n\n\n\n- Describe the ES security domains\n- Use the Security Domain dashboards to troubleshoot various security threats\n- Learn how to launch the Security Domain dashboards from Incidents Review and from a notable event Action menu\nModule 7 \u2013 User Intelligence\n\n\n\n- Understand and use user activity analysis\n- Use investigators to analyze events related to an asset or identity\n- Use access anomalies to detect suspicious access patterns\nModule 8 \u2013 Web Intelligence\n\n\n\n- Use the web intelligence dashboards to analyze your network environment\n- Filter and highlight events\nModule 9 \u2013 Threat Intelligence\n\n\n\n- Give an overview of the Threat Intelligence framework and how threat intel is configured in ES\n- Use the Threat Activity dashboard to see which threat sources are interacting with your environment\n- Use the Threat Artifacts dashboard to examine the status of threat intelligence information in your environment\nModule 10 \u2013 Protocol Intelligence\n\n\n\n- Explain how network data is input into Splunk events\n- Describe stream events\n- Give an overview of the Protocol Intelligence dashboards and how they can be used to analyze network data","summary_plain":"This 13.5-hour module prepares security practitioners to use Splunk Enterprise Security (ES). Students identify and track incidents, analyze security risks, use predictive analytics, and discover threats.","skill_level":"Intermediate","version":"8","duration":{"unit":"d","value":2,"formatted":"2 jours"},"pricelist":{"List Price":{"US":{"country":"US","currency":"USD","taxrate":null,"price":1500},"GB":{"country":"GB","currency":"GBP","taxrate":20,"price":1250},"SI":{"country":"SI","currency":"EUR","taxrate":20,"price":1500},"PL":{"country":"PL","currency":"USD","taxrate":23,"price":1500},"DE":{"country":"DE","currency":"EUR","taxrate":19,"price":1500},"AT":{"country":"AT","currency":"EUR","taxrate":20,"price":1500},"SE":{"country":"SE","currency":"EUR","taxrate":25,"price":1500},"FR":{"country":"FR","currency":"EUR","taxrate":19.6,"price":1500},"IT":{"country":"IT","currency":"USD","taxrate":20,"price":1500},"CA":{"country":"CA","currency":"CAD","taxrate":null,"price":2070},"CH":{"country":"CH","currency":"CHF","taxrate":8.1,"price":1650},"NL":{"country":"NL","currency":"EUR","taxrate":21,"price":1500}}},"lastchanged":"2026-02-19T15:52:57+01:00","parenturl":"https:\/\/portal.flane.ch\/swisscom\/fr\/json-courses","nexturl_course_schedule":"https:\/\/portal.flane.ch\/swisscom\/fr\/json-course-schedule\/26214","source_lang":"fr","source":"https:\/\/portal.flane.ch\/swisscom\/fr\/json-course\/splunk-uses"}}