Welcome to the Splunk Security Ninja Workshop Series. These 4-hour, hands-on security workshops are brought to you by the Splunk team via Zoom. Learn, connect & interact with Splunk subject matter experts, colleagues and industry peers, and have some fun along the way! Virtual hands-on workshops are a convenient, interactive way to build your Splunk security skills and knowledge – from the comfort of your work or home office.
If you register for one of our sessions, please add email@example.com as a safe sender in your email to ensure you receive our confirmation email and joining details.
We welcome you to join us for one, a few or all of our workshops in this series.
Hungry for more Splunk hands-on workshops? Check out our Splunk4Rookies & Splunk4Rookies Observability programme.
The SOAR Hands-On workshop is designed to familiarize participants with how to respond to incidents, manage cases and artifacts, and automate incident response and standard operating procedures. This workshop gives users an opportunity to walk through a real-world scenario and see first-hand how Phantom can be used from the creation of a notable event to enriching alerts by automatically gathering data, all the way to managing and resolving the incident.
Dates/Times: Thursday 16th February | 9:30 - 13:30 GMT / 10:30 - 14:30 CET
This is a scenario-based hands-on workshop designed for Splunk security customers already in or moving to Google Cloud Platform (GCP). The scenarios utilize different pieces of cloud-focused data and include an email investigation (using Gmail), a key compromise against a custom Google Cloud Function, and a Storage Bucket investigation. The workshop leverages the popular Boss of the SOC (BOTS) dataset with hands-on exercises. Users will come away with a better understanding of the logging available to them from GCP and how cloud data can provide visibility into adversary actions in the environment.
Dates/Times: Thursday 9th March | 9:30 - 13:30 GMT / 10:30 - 14:30 CET
This workshop is designed to extend your knowledge into the AWS suite of solutions beyond EC2 and S3. During the workshop, hands-on investigations leveraging CloudTrail and CloudWatch data, as well as VPC Flow data, are provided. Data sets created by AWS security solutions, like GuardDuty and Security Hub, will be introduced as well. The workshop concludes with detections from ESCU and SSE to highlight the integration of AWS data sources into Enterprise Security. The workshop leverages the Boss of the SOC (BOTS) dataset with hands-on exercises throughout. Users will come away with a better understanding of the logging available to them from AWS and which events are important to collect to gain visibility into adversary actions in the environment.
Dates/Times: Thursday 16th March | 9:30 - 13:30 GMT / 10:30 - 14:30 CET