When you hear the word SIEM, I’m 90% sure the first thing that comes to your mind is Splunk. Okay, maybe ELK… or LogRhythm… or… I get it, these are all great SIEMs, but Splunk happens to be one of the most popular and widely used.
By the way, just in case you didn’t know, SIEM stands for Security Information and Event Management. A SIEM platform aggregates logs and datasets from many different data sources and correlates all of that information so it can be searched, parsed and indexed easily.
In cybersecurity, SIEMs are used to monitor and detect malicious activity across the devices in an IT infrastructure. A SIEM’s scope is not limited to that, but it is the bulk of what it does.
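To make the “aggregate, parse, index, correlate” description concrete, here is a toy SIEM pipeline in Python. It is an added example, not Splunk code and not material from the course: the sshd and web-server log lines are constructed, the year 2024 is assumed for the year-less syslog timestamps, and the “3 failed logins from one IP against one host within 5 minutes” rule is an illustrative threshold, not a Splunk default.

```python
"""Toy SIEM pipeline (added example): aggregate two constructed log sources,
normalize them into one event schema, index them for search, and correlate
failed logins per host and source IP."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: an sshd auth log and an Apache-style access log.
SSHD_LOG = """\
Mar 10 12:00:01 web01 sshd[1021]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar 10 12:00:03 web01 sshd[1021]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 10 12:00:05 web01 sshd[1021]: Failed password for admin from 203.0.113.7 port 51024 ssh2
Mar 10 12:00:09 web01 sshd[1021]: Accepted password for deploy from 198.51.100.4 port 40112 ssh2
Mar 10 12:30:00 db01 sshd[880]: Failed password for root from 192.0.2.9 port 60000 ssh2
"""
WEB_LOG = """\
203.0.113.7 - - [10/Mar/2024:12:00:20 +0000] "GET /wp-login.php HTTP/1.1" 401 512
198.51.100.4 - - [10/Mar/2024:12:01:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

SSHD_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>[\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")
WEB_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r"(?P<status>\d{3})")

def parse_sshd(line, year=2024):
    """Parse one sshd line into the common schema; syslog has no year, so one is assumed."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"time": ts, "sourcetype": "sshd", "host": m["host"], "src": m["src"],
            "user": m["user"], "action": "login",
            "outcome": "failure" if m["outcome"] == "Failed" else "success", "raw": line}

def parse_web(line, host="web01"):
    """Parse one access-log line; the serving host is assumed (constructed)."""
    m = WEB_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"].split()[0], "%d/%b/%Y:%H:%M:%S")
    return {"time": ts, "sourcetype": "access_combined", "host": host, "src": m["src"],
            "user": None, "action": f"{m['method']} {m['path']}",
            "outcome": "failure" if m["status"] in ("401", "403") else "success", "raw": line}

def ingest(sources):
    """Aggregate (parser, text) pairs into one time-ordered event list; drop unparsable lines."""
    events = [ev for parser, text in sources
              for ev in map(parser, text.splitlines()) if ev]
    events.sort(key=lambda e: e["time"])
    return events

def build_index(events):
    """Inverted index field=value -> event positions, so searches avoid a full scan."""
    index = defaultdict(set)
    for i, ev in enumerate(events):
        for field in ("sourcetype", "host", "src", "user", "outcome"):
            if ev[field] is not None:
                index[f"{field}={ev[field]}"].add(i)
    return index

def search(events, index, **terms):
    """AND-search on indexed fields, e.g. search(events, index, src="203.0.113.7", outcome="failure")."""
    hits = None
    for field, value in terms.items():
        ids = index.get(f"{field}={value}", set())
        hits = ids if hits is None else hits & ids
    return [events[i] for i in sorted(hits or ())]

def correlate_failed_logins(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when one source IP has >= threshold failed logins on one host inside the window."""
    failures = defaultdict(list)
    for ev in events:
        if ev["action"] == "login" and ev["outcome"] == "failure":
            failures[(ev["host"], ev["src"])].append(ev["time"])
    alerts = []
    for (host, src), times in failures.items():
        times.sort()
        for i in range(len(times)):            # sliding window starting at each failure
            j = i
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1
            if j - i + 1 >= threshold:
                alerts.append({"host": host, "src": src, "count": j - i + 1,
                               "first": times[i], "last": times[j]})
                break
    return alerts

if __name__ == "__main__":
    evs = ingest([(parse_sshd, SSHD_LOG), (parse_web, WEB_LOG)])
    idx = build_index(evs)
    print(len(evs), "events indexed;", len(search(evs, idx, src="203.0.113.7")), "from 203.0.113.7")
    for a in correlate_failed_logins(evs):
        print("ALERT", a)
```

The parsers do the work a Splunk sourcetype and field extraction do: two very different raw formats end up with the same `host`, `src`, `user`, `outcome` fields, which is what makes the cross-source search and the correlation rule possible. Note that the web 401 counts as an authentication failure in the search but not in the brute-force rule, because the rule deliberately keys on `action == "login"`.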
To get started with this course head over to Splunk’s site and register for Free.
The Splunk 7.x Fundamentals 1 course introduces you to the Splunk platform and its many capabilities, and the range of things you can do with Splunk is impressive. The course is free; it only requires you to create an account, which gives you access to the training resources Splunk provides for it. It is very beginner-friendly and assumes no prior experience whatsoever with Splunk, SIEMs, or security at all. A beginner will be able to take this course and understand everything easily.
This course covers 14 modules, each with video tutorials, lab materials, and a quiz. The video tutorials provided by Splunk are short and succinct but also very interactive and attention-grabbing. After completing a set of videos for a module, you’re tasked with a lab (which I believe is optional but I highly recommend completing). This lab requires you to set up your own Splunk instance and ingest the provided datasets that you’ll use throughout the course.
I set up my Splunk instance for the lab on an Ubuntu Server VM in VMware Workstation. This is a very simple process, and the training provides everything you need to get the lab set up on any operating system. Either way, please do not hesitate to reach out for help on my Discord server if you run into any issues.
This course took me about 3 days to complete, but it could have taken me a lot less if I hadn’t been spending time taking thorough notes and doing ALL the labs in the course. I highly recommend note-taking here because it will help with your next stage of Splunk learning, or generally as a reference in your professional career. I also recommend doing all the labs to further solidify the knowledge from the video tutorials.
Some note-taking apps to consider are Notion (which I use), CherryTree, OneNote, Obsidian and many more. The main goal is to have your notes written down for reference.
Splunk training did an amazing job on this course with the videos, labs, and quizzes. The best part is that it is free! I urge you to check it out and get your hands dirty with Splunk.
The next step in this path is the Splunk Core Certified User certification, which I hope to do soon. I’ll make sure to document my experience with that as soon as I take and pass it, but until then, take care!