ＨｉｄｅＺｅｒｏＯｎｅ

Splunk is a data analysis platform that allows security practitioners to centralize data, search through it, correlate events, and create security analytics and dashboards. It’s also the most popular commercial SIEM used by security teams to perform investigations and threat hunting. Splunk for Security Analysts will teach you how to use Splunk to onboard data, extract meaningful fields, and search through it using real security data to conduct security research and investigations. This course goes beyond the documentation to provide a diverse set of real-world security data that you’ll use to gain confidence with Splunk’s extensive capabilities.

The Splunk Data Pipeline

Data Onboarding

Finding and Exploring Data

Enrichment and Advanced Filtering

Sharing, Scheduling, and Alerting

Visualization and Dashboards

Learn to use YARA to detect malware, triage compromised systems, and perform threat intelligence research. Detecting malicious elements within files is a core security skill for incident responders, SOC analysts, threat intelligence analysts, malware analysts, and detection engineers alike. There are different ways to accomplish that goal, but none are more flexible or widely used as YARA. YARA is a pattern-matching tool used to help identify and classify malware in a variety of scenarios. By writing YARA rules, security practitioners can detect whether malware exists within a group of files, triage a potentially compromised host, or identify common elements between samples to bolster threat intelligence.

YARA Fundamentals

YARA Rule Syntax

Detection Research Methodology

Ruleset Management

Adversary Tradecraft