BLUE TEAM DEVELOPMENT PROGRAM

Apply to be apart of this team here.

The BIC Blue Team Development Program seeks to add to the growing number of Defensive Security Profesionals. This program includes both in-house programs and classes as well as external organizations or instructors that come to instruct.

Course Description

This course is for individuals that have little or no experience using Splunk enterprise, but seek a basic understanding of what Splunk is.

After taking this course you should have a better fundamental understanding of how to search and build basic dashboards within Splunk.

Activities

This course includes lectures, Lab demonstrations and hand on labs, and links to resources.

Intended Audience

This course is intended for:

Course Objectives

Building Dashboards Basics
- What is a Dashboard and why is it important?
- How to use Transforming commands to create Dashboards
- Knowing when to pick out what charts for different problem sets:
- - Different Use Cases
    - Security Use cases
    - It Ops Use cases
    - Cloud Use Cases
  - Overview of the 3 main components of Splunk Enterprise:
    - What is a Forwarder?
    - What is a Search Head?
    - What is an Indexer?
Splunk Best Practices
- Specifically pertaining to searching using SPL(Splunk Query Language)
  - When to include or exclude field names in searches
  - When to use the Search and Where command
  - When to use Fast Smart, and Verbose modes when searching
Searching Basics
- How to structure your searches
- How and when to pipe down your events
- When to use Stats or the Time command
- How and when to use transforming commands
Ingesting Static Files
- Downloading CSV files into Splunk
- Knowing which type of label to put on your data
- Naming Conventions
Understanding "what your data can do for you"...
- Learning how to go through datasets and see patterns or interesting aspects of it
- Applying what you see to your business problems
- Solving problems that even your managers and executives aren’t aware of yet