Time
1 hour 59 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:00
We're on Module 2, talking about Splunk products.
00:03
Understanding popular Splunk products is important. If you're gonna claim any kind of Splunk knowledge, you need to be able to understand how the products interact and work with each other, and know where to start for making recommendations on what products the company should look to purchase.
00:19
Splunk does regularly make changes and add new features and products, so check the site for the latest information.
00:26
Like we talked about in Module 1, when people refer to Splunk, they typically mean the core Splunk platform, or they may just be referring to what they're used to working with.
00:36
There are currently four different Splunk platforms to choose from. These all aggregate, process, and help you use data;
00:43
which one you pick typically has to do with your data appetite and budget.
00:47
A small company with a few users and limited data may choose Splunk Light, whereas most large companies will pick Splunk Enterprise or Splunk Cloud.
00:56
There are some differences between these platforms. For one, with Splunk Light you don't have the option of clustering and high availability or single sign-on options.
01:04
Splunk Enterprise is the most popular platform I've seen. On the surface, the main difference between Splunk Enterprise and Splunk Cloud is whether you want an on-prem solution where you're managing your own servers
01:15
or if you want a hosted environment in the cloud.
01:19
There are other considerations, but companies will usually start with one of these four options and then build out from there.
01:26
Pricing is determined by how much data is indexed on a daily basis.
01:32
There are many different options for licensing, so if you're seriously looking to make a purchase, you should talk with Splunk about what would be best for your company.
01:40
Before even looking to make a purchase, it may be a good idea to quantify and prioritize the data you think you'll need.
01:47
Splunk has a lot of solutions targeted
01:49
towards specific industries that typically work as paid apps added to an existing platform.
01:55
A common environment might consist of a Splunk Enterprise environment with Splunk Enterprise Security, often referred to as ES,
02:04
and Splunk User Behavior Analytics added to it.
02:07
Splunk Enterprise Security adds features that make it easier for analysts to pivot between events, conduct threat hunting, ingest intelligence, and identify risk.
02:17
Splunk UBA, or User Behavior Analytics, then adds machine learning and helps identify anomalies in the environment and pick out things like insider threats or compromises that may otherwise have been missed.
02:30
While Enterprise Security and UBA are heavily marketed together, you can have one or the other with your Splunk Enterprise platform.
02:38
Other solutions to add to your platform include things like Insights for Infrastructure, where Splunk helps you baseline your environment and identify potential problems.
02:47
Two of Splunk's recent acquisitions target other areas.
02:52
Splunk Phantom is an orchestration and automation tool that lets you kick off automated chains of events.
02:59
For example, you could have Splunk Enterprise send over a malware event, have Phantom
03:05
look up the hash in VirusTotal,
03:07
then tell another tool to isolate the machine that has the malware, and then tell your ticketing system to open a ticket
03:15
with the event information and VirusTotal results. It's pretty cool.
03:19
VictorOps is
03:20
primarily used to manage on-call schedules and create notifications, such as by sending push notifications to your phone, giving you a call, or sending an email when an event comes in.
03:31
An example scenario would be,
03:34
say you have a high CPU alert for a critical machine trigger in Splunk Enterprise, and then Splunk sends the event over to VictorOps, which then calls the system owner to take a look at the machine.
03:47
So for our review time: can you identify which of the following is not a Splunk platform?
03:57
The answer is C.
03:58
Splunk Enterprise Security
04:00
can be added to a Splunk platform to give additional tools
04:05
for your company to use.
04:09
As a review, you have your Splunk platforms: Splunk Enterprise, Splunk Cloud, Splunk Light, and Splunk Free. This may be enough for your company. Plenty
04:18
are able to accomplish everything they need to with one of these. However, Splunk has a lot of other specialized solutions that can optimize the use of your data, such as Splunk User Behavior Analytics, Insights for Infrastructure, or others.
04:32
Phantom can be used to automate tasking in your company, and VictorOps can alert you when something happens,
04:40
and with that, you've made it through Module 2.
04:43
In Module 3, we'll finally get our hands on Splunk.

Introduction to Splunk

This Splunk training class is designed to quickly introduce you to Splunk and its many capabilities.

Instructed By

Natasha Staples
Incident Response Security Engineer at Arrow Electronics
Instructor