Thank you for your interest in our Security Workshop series. If you register for one of our sessions, please add events@splunk.com as a safe sender in your email to ensure you receive our confirmation and meeting emails.

Please note these workshops take place during European working hours.

Introduction:

Welcome to the Splunk Security Ninja Workshop Series. These 4-hour, hands-on security workshops are brought to you by the Splunk team via Zoom. Learn, connect & interact with Splunk subject matter experts, colleagues and industry peers, and have some fun on the way!
Virtual hands-on workshops are a convenient, interactive way to build your Splunk security skills and knowledge – from the comfort of your work or home office.

Interested in more Splunk hands-on workshops? Check out our Splunk4Rookies & Splunk4Rookies Observability programme.

Security Operations Suite Hands-On Workshop
The Security Products Hands-On is a modular, hands-on workshop designed to familiarize participants with how to investigate incidents using Splunk Enterprise, Enterprise Security, UBA and Phantom. This workshop provides users an opportunity to walk through multiple scenarios and see first-hand how Splunk Security Products can be used to take notable events and investigate, hunt and orchestrate actions based on what is uncovered. The workshop leverages the popular Boss of the SOC (BOTS) dataset and is laid out in an interactive format. Users will leave with a better understanding of how Splunk, Enterprise Security, UBA and Phantom can be used within security operations to process notable events and investigate as they occur in the enterprise. 
 
Dates/Times: New Date Coming Soon!

Enterprise Security Hands-On Workshop
This is a modular, hands-on workshop designed to show participants how to investigate incidents using Splunk Enterprise and Splunk Enterprise Security. This workshop provides users an opportunity to walk through multiple scenarios and see first-hand how Enterprise Security can be used to investigate from the creation of a notable event all the way to the raw event that identifies the adversary's action. The workshop leverages the popular Boss of the SOC (BOTS) dataset and is laid out in an interactive format.

Dates/Times: Tuesday 30th November | 09:30-13:30 GMT / 10:30-14:30 CET

Splunk Security Orchestration, Automation, and Response (SOAR) Workshop
The SOAR Hands-On workshop is designed to familiarize participants with how to respond to incidents, manage cases and artifacts, as well as automate your incident response and standard operating procedures. This workshop provides users an opportunity to walk through a real-world scenario and see first-hand how Phantom can be used from the creation of a notable event to enriching alerts by automatically gathering data, all the way to managing and resolving the incident.

Dates/Times: Tuesday 7th December | 09:30-13:30 GMT / 10:30-14:30 CET

Building Correlation Searches in ES Workshop
This workshop provides users an opportunity to experience the planning, creation and implementation of complex correlation searches in Splunk’s SIEM product, Enterprise Security. It also imparts deep knowledge about Splunk’s search acceleration technology and touches on the applicability of third-party guidance such as SIGMA rules and MITRE ATT&CK.

Dates/Times: Tuesday 14th December | 09:30-13:30 GMT / 10:30-14:30 CET

Splunk Security Orchestration, Automation, and Response (SOAR) Workshop
The SOAR Hands-On workshop is designed to familiarize participants with how to respond to incidents, manage cases and artifacts, as well as automate your incident response and standard operating procedures. This workshop provides users an opportunity to walk through a real-world scenario and see first-hand how Phantom can be used from the creation of a notable event to enriching alerts by automatically gathering data, all the way to managing and resolving the incident.

Dates/Times: Tuesday 11th January | 09:30-13:30 GMT / 10:30-14:30 CET

Splunking the Endpoint Hands-On Workshop
Splunking the Endpoint is a modular, hands-on workshop designed to familiarize participants with different endpoint technologies and how to leverage Splunk to gain greater insight into the activities occurring on the endpoint. This workshop provides users a way to gain familiarity with various endpoint logging tools, including Microsoft Event Logs, Sysmon, PowerShell, osquery, CB and Cisco NVM, and introduces them to Splunk Security Essentials and ES Content Updates. Also covered is a utility called Window Event Code Analyzer, which is designed to assist users in determining which Windows events to log! The workshop leverages the popular Boss of the SOC (BOTS) dataset with hands-on exercises for each technology. Users will come away with a better understanding of the endpoint logging available to them and which events are important to collect to gain visibility into adversary actions on the endpoint.

Dates/Times: Tuesday 18th January | 09:30-13:30 GMT / 10:30-14:30 CET

AWS Security Hands-On Workshop
This is a scenario-based hands-on workshop designed for Splunk security customers already in or moving into AWS. The scenarios use different pieces of cloud-focused data and include a key compromise, a public S3 bucket, and network attacks which incorporate content from ESCU or SSE to detect and investigate malicious activity. The workshop leverages the popular Boss of the SOC (BOTS) v3 dataset and is laid out in an interactive format.

Dates/Times: Tuesday 25th January | 09:30-13:30 GMT / 10:30-14:30 CET

Hunting in the Microsoft Cloud
The Hunting in the Microsoft Cloud hands-on workshop is designed to show how to hunt using Splunk Enterprise and Splunk Enterprise Security in events generated from Microsoft Azure and Office 365. This workshop provides users an opportunity to gain familiarity with data collected within the Microsoft Cloud and then apply that knowledge to conducting a hunt using these same data sources. Attendees will leave with a better understanding of how Splunk Enterprise and Enterprise Security can be used to hunt within the Microsoft Cloud and how Splunk can be a single collection point for both on-premises and cloud-centric data sources.

Dates/Times: Tuesday 1st February | 09:30-13:30 GMT / 10:30-14:30 CET

We look forward to seeing you (online) soon!