SPLUNK Enterprise Security: What's The Best Online Resource To Learn Implementation/Configuration?

egrizzlyegrizzly Member Posts: 533 ■■■■■□□□□□
Hi guys.  SPLUNK Enterprise Security is wayyy too much in demand not to learn it's Implementation & Configuration.  What do you think is the best online video resource to learn this skill to the point that you master the implementation and configuration for different sized organizations?
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+

Comments

  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    Do you want to implement Splunk instances as an engineer, write Splunk content as a security analyst, or use Splunk to handle security events? The design of any Spunk instance is HIGHLY dependent on the organization in which it is implemented, so specific training is usually only available inside of the org using Splunk. Having said that, most people start by going through the fundamental courses on the Splunk Education Portal.


  • egrizzlyegrizzly Member Posts: 533 ■■■■■□□□□□

    yeah, JD.  This would be specifically on how to implement Splunk as an engineer for various organizations.  Yeah, I'm aware of the trainings available at the Splunk portal.  But utilizing that is kind of like telling somebody that bought a Honda to take it to the dealership to have maintenance done on it.  You know how that story goes. 

    I'll keep hunting though.  It's definitely an awesome and highly in-demand skillset to have.  Even more sought out than the famous GIAC certifications/courses.  
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    I think Splunk planning and engineering is something you mostly learn on-the-job. To learn it, you need to get hire into a the security engineering team that implements and maintains the Splunk instances of a very large enterprise. Although you may not know Splunk very well for the position you are applying, other skills you have (e.g., programming, network engineering, security operations, project management, documentation, etc.) will get you on the team to start hands-on learning of Splunk. Another possibility is hiring into a consulting firm that specializes in designing and implementing Splunk instances for large organizations. Splunk itself probably has a list of such consulting firms.
  • egrizzlyegrizzly Member Posts: 533 ■■■■■□□□□□
    Well, Splunk ES does have a course specifically for implementing their platform.  It's called the Splunk Enterprise Security Certified Admin.  My intention was actually to get some insight on any more convenient and cheaper places to take the course besides the Splunk website or Pluralsight
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
  • test4500test4500 Registered Users Posts: 29 ■■■□□□□□□□
    Just a wild idea have you considers MS Sentinel ...they have a ninja course ...and its a key product for MS ....we use Splunk and its cool but 'have a feeling' Sentinel is the future for and Azure house
    Have: CISSP, SSCP, CYSA+, CCNA CyberOp, CIPP/E, PRINCE, ITIL v3, MS Azure 900/103/500, AWS SA-A, Splunk Core User , CyberArk Trustee......
    2020 Goals: CISM/CISA, AWS CDA-P/SA-P/Security, Splunk Power User
  • egrizzlyegrizzly Member Posts: 533 ■■■■■□□□□□
    @test4500 I have not tried MS Sentinel however could you post the link to their Ninja course.  It's always great to learn about competitors to big bad premium solutions that dominate any market.

    ...and on your second point: true. Microsoft will always give major major incentive to go with their platform (Sentinel) versus using other brands.  I think kind of like they have done with Azure even though AWS is the big bad premium solution for cloud.
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
  • test4500test4500 Registered Users Posts: 29 ■■■□□□□□□□
    Hi https://techcommunity.microsoft.com/t5/azure-sentinel/become-an-azure-sentinel-ninja-the-complete-level-400-training/ba-p/1246310

    If you want my view ....any Azure house is going to go with the MS Security products and they will win 90% of the Azure security market (and a good chunk of the rest of the cloud market too) I have been looking through the offering ...and its very compelling ...we have gone MS Defender ATP for w/s ....then gone MS Defender ATP for Servers ...then Azure Security Centre .....and will clearly be going MS Sentinel soon.

    We looked at others but its the integration between the products (which are all class leading) is the killer ....I know other products have there fans (Trend Micro was is the best for AWS) and some individual components are better than MS for sure (but not by enough) ...but all together as a package MS is a killer proposition!


    Have: CISSP, SSCP, CYSA+, CCNA CyberOp, CIPP/E, PRINCE, ITIL v3, MS Azure 900/103/500, AWS SA-A, Splunk Core User , CyberArk Trustee......
    2020 Goals: CISM/CISA, AWS CDA-P/SA-P/Security, Splunk Power User
  • egrizzlyegrizzly Member Posts: 533 ■■■■■□□□□□
    Thanks a mil for sharing the Ninja course link.

    It makes sense that Microsoft introduced their own SIEM solution.  If I start talking marketing I'll probably get excited and carried away.  The cloud market ranking is interesting.  While Microsoft has over 85% of the End User Operating System market, they have only 20% of the public cloud market.  However as people start jumping onto the fast moving cloud band wagon their's a good chance (like you said) that 9 of 10 Azure environments would go for  MS Sentinel SIEM, not just because of it's cost but due to ease-of-use, and integration with the general business environment which is mostly Microsoft Windows-based. So as cloud continues picking up steam, the adoption of MS Sentinel vs SPLUNK ratio would gradually tip on the side of Sentinel.
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
Sign In or Register to comment.