Enhancing Cisco Security Solutions with Data Analytics (ECSS)

The Enhancing Cisco Security Solutions with Data Analytics (ECSS) training covers intermediate-level knowledge of Splunk, including its fundamentals, key components, and architecture so you can detect, investigate, and respond to security threats effectively. You’ll learn to utilize various Splunk components, including Splunk Enterprise, Splunk SIEM, and Splunk SOAR. You’ll also discover how to use and troubleshoot the Cisco Security Cloud App, Cisco Legacy Apps, and technology add-ons (TAs) for integrating Cisco security solutions with Splunk for enhancing user, cloud, and breach protections.  

This training also earns you 32 Continuing Education (CE) credits toward recertification.

How you’ll benefit

This class will help you:

• Aggregate data from all Cisco security products into a single Splunk instance for centralized visibility
• Monitor your security environment in real time to detect and respond to threats faster
• Streamline security workflows by reducing dashboard switching and manual data correlation
• Enhance decision-making with customizable dashboards and comprehensive, accurate insights
• Protect your organization more effectively by integrating Cisco security solutions with Splunk for unified threat detection and response
• Earn 32 CE credits toward recertification

Why Attend with Current Technologies CLC

• Our Instructors are in the top 10%
• Our Lab has a dedicated 1 Gig Fiber Connection for our Labs
• Our Labs Run up to Date Code for all our courses

Upon completing this course, the student will be able to meet these objectives:

• Explain the Splunk Enterprise/Cloud fundamentals
• Explain the use of SIEM, SOAR as part of the modern SOC architecture to enhance the SOC’s ability to detect, investigate, and respond to security threats effectively
• Implement Cisco Security Solutions to Splunk Integration using the Cisco Security Cloud App
• Implement Cisco Security Solutions to Splunk Integration using Cisco Legacy Apps and TAs
• Illustrate the value of integrating Cisco security solutions with Splunk using real-world use cases
• Troubleshoot the Cisco Security Cloud App and the Cisco Apps and TAs

The job roles best suited to the material in this course are:

• System Engineers
• SOC Engineers
• Network Architects

AGE REQUIREMENTS AND POLICIES CONCERNING MINORS

• The age requirement for attending the training or attempting the CSCU exam is restricted to any candidate that is at least 13 years old.
• If the candidate is under the age of 13, they are not eligible to attend the official training or eligible to attempt the certification exam unless they provide the accredited training center (ATC) or EC-Council a written consent of their parent or their legal guardian and a supporting letter from their institution of higher learning. Only applicants from nationally accredited institutions of higher learning shall be considered.

Disclaimer

• EC-Council reserves the right to impose additional restriction to comply with the policy. Failure to act in accordance with this clause shall render the authorized training center (ATC) in violation of their agreement with EC-Council. EC-Council reserves the right to revoke the certification of any person in breach of this requirement.

There are no prerequisites for this training. However, the knowledge and skills you are recommended to have before attending this training are: 

• Cisco CCNP Security or equivalent knowledge

These skills can be found in the following Cisco Learning Offering: 

• Implementing and Operating Cisco Security Core Technologies (SCOR)

Course Outline

• Overview of Splunk Enterprise and Splunk Cloud
• Splunk Enterprise and Splunk Cloud Components
• Splunk Enterprise Data Ingestion
• Splunk Search Programming Language
• Splunk Dashboards and Reports
• XDR, SIEM, and SOAR Platforms
• Cisco XDR, Splunk SIEM, and Splunk SOAR
• Cisco Security Cloud App
• Cisco Secure Firewall Integration
• Cisco Splunk Enterprise Integration
• Cisco Secure Malware Analytics, Duo, Secure Network Analytics, Email Threat Defense, and Multicloud Defense Integrations
• Cisco Security Legacy Apps and Technology Add-Ons
• Cisco ISE Integration
• Cisco NVM Integration
• Cisco Security Solutions and Splunk Use Case
• Cisco Splunk Use Case
• Troubleshoot General Splunk Issues
• Troubleshoot Cisco Security Cloud App
• Troubleshoot Cisco Legacy Apps and Add-ons

Lab Outline

• Explore Splunk Indexes
• Explore Splunk Web and CLI
• Verify and Test Data Ingestion
• Malware Events Analysis Using Splunk Enterprise Simulation
• Perform Search Queries
• Create Dashboards and Reports
• Explore Splunk SOAR
• Explore Cisco XDR Incident Investigation
• Cisco Secure Firewall Integration with Splunk
• Cisco XDR to Splunk Enterprise Integration Simulation
• Cisco Duo Integration Simulation
• Cisco SMA Integration Simulation
• Cisco SNA Integration Simulation
• Explore the Cisco ISE Integration with Splunk Using the Legacy ISE App and TA
• Explore the Cisco NVM Integration with Splunk Using the Legacy CESA App and TA
• Investigate Ransomware Using Splunk Enterprise with the Various Cisco Security Apps
• Troubleshoot Cisco Security Cloud App with Cisco Secure Firewall Integration
• Troubleshooting Cisco ISE Integration with Splunk
• Troubleshooting Cisco NVM Integration with Splunk