757-216-3656 | Monday–Friday 8:30 AM – 4:30 PM | info@itdojo.com

Course Duration

2 Days

Audience

Employees of federal, state, and local governments, and businesses working with the government.

Prerequisites

Working knowledge of Splunk search (Power User level). Familiarity with security operations concepts, SIEM usage, and common attack techniques is recommended.

Course Description

This 13.5-hour instructor-led course prepares SOC analysts to use Splunk Enterprise Security (ES) for threat detection and incident response. Students learn to navigate the ES interface, identify and investigate notable events, use risk-based alerting, analyze security domains, apply threat intelligence, and track incidents through the full investigation lifecycle.

Learning Objectives

  • Navigate the Splunk Enterprise Security interface and security domains
  • Identify and triage notable events using the Incident Review dashboard
  • Investigate security incidents using ES investigative features and timeline
  • Use risk-based alerting to prioritize threats based on risk scores
  • Apply threat intelligence to enrich events and identify indicators of compromise
  • Analyze security posture using ES dashboards and glass tables
  • Create and manage investigations and track analyst workflow
  • Use predictive analytics and anomaly detection in ES

Course Outline

Enterprise Security Overview
  • ES architecture and data model
  • Security domains overview
  • The analyst workflow in ES
Incident Investigation
  • Incident Review dashboard
  • Notable event triage and investigation
  • Using the ES investigation timeline
  • Correlation search results
Risk-Based Alerting
  • Risk analysis framework
  • Risk factors and risk scores
  • Using the Risk Notables dashboard
Threat Intelligence
  • Threat intelligence in ES
  • Indicator of compromise (IOC) analysis
  • Applying threat intelligence to investigations
Security Posture and Reporting
  • Security posture dashboard
  • Glass tables
  • Executive reporting in ES

Frequently Asked Questions

What does the Using Splunk Enterprise Security course cover?

This 2-day course covers ES from the SOC analyst perspective: navigating the interface, triaging notable events, investigating incidents, using risk-based alerting, applying threat intelligence, and tracking the full incident lifecycle.

Who should take this course?

This course is designed for SOC analysts, threat hunters, and security practitioners who will use Splunk Enterprise Security as their SIEM. It is the analyst-focused ES course.

What is the difference between this course and Administering Splunk Enterprise Security?

SP-USES (this course) is for analysts who use ES to investigate threats. SP-ASES is for administrators who configure and manage the ES deployment. Both are available from IT Dojo.

What certification does this course prepare me for?

This course contributes to the Splunk Certified Cybersecurity Defense Analyst certification path.

Is this course available as live remote online training?

Yes. IT Dojo offers this course as live remote online instruction. On-site delivery is also available.

How do I register?

IT Dojo training is employer sponsored. Contact IT Dojo via the Request Training form or call 757-216-3656.

Get More Information

We work with government agencies, the military, government contractors, and corporate clients. As much as we would love to, our business model does not include working with the general public.