Building Correlation Searches in Enterprise Security
Building Correlation Searches with Splunk Enterprise Security is a modular, hands-on workshop designed to familiarize participants with how to leverage Splunk to develop their own correlation searches. This workshop provides users a way to gain familiarity with building correlation searches in Splunk, as well as introducing data models and the tstats command that can provide a user a method to further optimize their correlation searches. The workshop leverages the popular Boss of the SOC (BOTS) dataset with hands-on exercises that build on one another. Users will come away with a better understanding of how to build their own correlation searches in Splunk as well as how to customize their associated notable events to provide more immediate insights to their analysts.
Event Duration: 1 Days