Splunk Correlation Search Workshop


Date: May 12th from 10am - 2pm | Location: Virtual


Overview

This workshop is led by SEs, Security SMEs, CSMs and Specialists to show customers and prospects how to build correlation searches in Splunk Enterprise Security, and to introduce how the associated notable events can be customized to help analysts gain further insight into their security event data.

The workshop runs approximately 4 hours, and the agenda includes:

  • Common Information Model and Data Models
  • The tstats command
  • Building a Correlation Search
  • Configuring Notable Events
  • Customizing Notable Events for Greater Context
  • Exercises throughout the workshop, providing opportunities to write your own correlation searches!

Please have a laptop available on which you have administrative rights. You do not need to have Splunk downloaded; we will be logging into a remote instance of Splunk.