Splunk Security Ninja Workshop EMEA Series: Security Operations Suite



Please note these workshops take place during European working hours.

Welcome to the Splunk Security Ninja Workshop Series. These 4-hour, hands-on security workshops are brought to you by the Splunk team via Zoom. Learn, connect & interact with Splunk subject matter experts, colleagues and industry peers, and have some fun on the way!



Google Cloud Platform Security
This is a scenario-based hands-on workshop designed for Splunk security customers already in or moving to Google Cloud Platform (GCP). The scenarios utilize different pieces of cloud-focused data and include an email investigation (using Gmail), a key compromise against a custom Google Cloud Function, and a Storage Bucket investigation. The workshop leverages the popular Boss of the SOC (BOTS) dataset with hands-on exercises. Users will come away with a better understanding of the logging available to them from GCP and how cloud data can provide visibility into adversary actions in the environment.
 

 Dates/Times: Thursday 2nd June | 09:30 - 13:30 BST/ 10:30 - 14:30 CEST

 

 

 

AWS 2.0 Attack in the Clouds 
This workshop is designed to extend your knowledge into the AWS suite of solutions beyond EC2 and S3. During the workshop, hands-on investigations leveraging CloudTrail and CloudWatch data, as well as VPC Flow data, are provided. Data sets created by AWS security solutions, like GuardDuty and Security Hub, will be introduced as well. The workshop concludes with detections from ESCU and SSE to highlight the integration of AWS data sources into Enterprise Security. The workshop leverages the Boss of the SOC (BOTS) dataset with hands-on exercises throughout. Users will come away with a better understanding of the logging available to them from AWS and which events are important to collect to gain visibility into adversary actions in the environment.
 
 Dates/Times: Thursday 9th June | 09:30 - 13:30 BST/ 10:30 - 14:30 CEST
 
 
 
Hunting in the Microsoft Cloud
Hunting in the Microsoft Cloud is a modular, hands-on workshop designed to familiarize participants with how to hunt using Splunk Enterprise and Enterprise Security in events generated from Microsoft Azure and Office 365. This workshop provides users an opportunity to gain familiarity with data collected within the Microsoft Cloud and then apply that knowledge to conducting a hunt using these same data sources. The workshop leverages the popular Boss of the SOC (BOTS) dataset and is laid out in an interactive format. Users will leave with a better understanding of how Splunk and Enterprise Security can be used to hunt within the Microsoft Cloud and how Splunk can be a single collection point for both on-premise and cloud-centric data sources.

Dates/Times: Thursday 30th June | 09:30 - 13:30 BST/ 10:30 - 14:30 CEST
 
 

Security Operations Suite
The Security Products Hands-On is a modular, hands-on workshop designed to familiarize participants with how to investigate incidents using Splunk Enterprise, Enterprise Security, UBA and Phantom. This workshop provides users an opportunity to walk through multiple scenarios and see first-hand how Splunk Security Products can be used to take notable events and investigate, hunt and orchestrate actions based on what is uncovered. The workshop leverages the popular Boss of the SOC (BOTS) dataset and is laid out in an interactive format. Users will leave with a better understanding of how Splunk, Enterprise Security, UBA and Phantom can be used within security operations to process notable events and investigate as they occur in the enterprise.
 
Dates/Times: Thursday 7th July | 09:30 - 13:30 BST/ 10:30 - 14:30 CEST
 
 

Security Orchestration, Automation, and Response (SOAR)
The SOAR Hands-On workshop is designed to familiarize participants with how to respond to incidents, manage cases and artifacts, and automate their incident response and standard operating procedures. This workshop provides users an opportunity to walk through a real-world scenario and see first-hand how Phantom can be used from the creation of a notable event to enriching alerts by automatically gathering data, all the way to managing and resolving the incident.

Dates/Times: Thursday 14th July | 09:30 - 13:30 BST/ 10:30 - 14:30 CEST
 
 
 
Enterprise Security
Enterprise Security Hands-On is a modular, hands-on workshop designed to familiarize participants with how to investigate incidents using Splunk Enterprise and Splunk Enterprise Security. This workshop provides users an opportunity to walk through multiple scenarios and see first-hand how Enterprise Security can be used from the creation of a notable event to investigate all the way to the raw event that identifies the adversary's action. The workshop leverages the popular Boss of the SOC (BOTS) dataset and is laid out in an interactive format. Users will leave with a better understanding of how Splunk and Enterprise Security can be used to generate notable events and investigate them as they occur in the enterprise.

Dates/Times: Thursday 21st July | 09:30 - 13:30 BST/ 10:30 - 14:30 CEST
 
 
 
Building Correlation Searches in Enterprise Security
Building Correlation Searches with Splunk Enterprise Security is a modular, hands-on workshop designed to familiarize participants with how to leverage Splunk to develop their own correlation searches. This workshop provides users a way to gain familiarity with building correlation searches in Splunk, as well as introducing data models and the tstats command that can provide a user a method to further optimize their correlation searches. The workshop leverages the popular Boss of the SOC (BOTS) dataset with hands-on exercises that build on one another. Users will come away with a better understanding of how to build their own correlation searches in Splunk as well as how to customize their associated notable events to provide more immediate insights to their analysts.

Dates/Times: Thursday 28th July | 09:30 - 13:30 GMT/ 10:30 - 14:30 CET
 
 
 
Splunking the Endpoint 
Splunking the Endpoint is a modular, hands-on workshop designed to familiarize participants with different endpoint technologies and how to leverage Splunk to gain greater insight into the activities occurring on the endpoint. This workshop provides users a way to gain familiarity with various endpoint logging tools, including Microsoft Event Logs, Sysmon, PowerShell, osquery, CB and Cisco NVM, as well as introduces them to Splunk Security Essentials and ES Content Updates. Also covered is a utility called Window Event Code Analyzer, which is designed to assist users in determining which Windows events to log! The workshop leverages the popular Boss of the SOC (BOTS) dataset with hands-on exercises for each technology. Users will come away with a better understanding of the logging at the endpoint available to them and which events are important to collect to gain visibility into adversary actions on the endpoint.

Dates/Times: Thursday 8th September | 09:30 - 13:30 BST/ 10:30 - 14:30 CEST

We look forward to seeing you (online) soon!

Relevant Government Agencies

Other Federal Agencies, Federal Government, State & Local Government


Event Type
Virtual


This event has no exhibitor/sponsor opportunities


When
Thu, Jul 7, 2022, 9:30am - 1:30pm


Cost
Complimentary:    $ 0.00




Organizer
Splunk

