Enhancing Cisco Security Solutions with Splunk (ECSS)

In this Enhancing Cisco Security Solutions with Data Analytics course provides a comprehensive introduction to Splunk Enterprise and Splunk Cloud, with a strong focus on integrating Cisco security technologies for centralized monitoring, analytics, and incident response. The curriculum begins by establishing foundational Splunk concepts, including core components, data ingestion methods, the Splunk Search Processing Language, and the creation of dashboards and reports. Learners gain hands-on experience exploring Splunk interfaces, validating data ingestion, and performing effective searches to transform raw security data into actionable intelligence.

The course then expands into security operations, introducing XDR, SIEM, and SOAR concepts and demonstrating how Cisco XDR, Splunk SIEM, and Splunk SOAR work together within the Cisco Security Cloud. Students explore integrations with Cisco Secure Firewall, Cisco Secure Malware Analytics, Duo, Secure Network Analytics, Email Threat Defense, Multicloud Defense, Cisco ISE, and Network Visibility Module, learning how security telemetry from across the enterprise is correlated within Splunk. Both modern Cisco Security Cloud applications and legacy Splunk apps and technology add-ons are examined to provide a complete understanding of integration options and use cases.

Operational skills are reinforced through extensive labs focused on malware and ransomware investigation, incident analysis, dashboard creation, and end-to-end troubleshooting. Students learn how to diagnose data ingestion issues, resolve integration problems with Cisco security platforms, and investigate real-world security incidents using Splunk Enterprise, Cisco XDR, and Splunk SOAR workflows. By the end of the course, learners are equipped to deploy, integrate, analyze, and troubleshoot Splunk-based security monitoring solutions in complex enterprise environments.

How You'll Benefit

This training will help you:  

• Aggregate data from all Cisco security products into a single Splunk instance for centralized visibility
• Monitor your security environment in real time to detect and respond to threats faster
• Streamline security workflows by reducing dashboard switching and manual data correlation
• Enhance decision-making with customizable dashboards and comprehensive, accurate insights
• Protect your organization more effectively by integrating Cisco security solutions with Splunk for unified threat detection and response
• Earn 32 CE credits toward recertification

Upon completing this course, the student will be able to meet these objectives:

• Explain the Splunk Enterprise/Cloud fundamentals
• Explain the use of SIEM, SOAR as part of the modern SOC architecture to enhance the SOC’s ability to detect, investigate, and respond to security threats effectively
• Implement Cisco Security Solutions to Splunk Integration using the Cisco Security Cloud App
• Implement Cisco Security Solutions to Splunk Integration using Cisco Legacy Apps and TAs
• Illustrate the value of integrating Cisco security solutions with Splunk using real-world use cases
• Troubleshoot the Cisco Security Cloud App and the Cisco Apps and TAs

The job roles best suited to the material in this course are:

• System Engineers
• SOC Engineers
• Network Architects

AGE REQUIREMENTS AND POLICIES CONCERNING MINORS

• The age requirement for attending the training or attempting the CSCU exam is restricted to any candidate that is at least 13 years old.
• If the candidate is under the age of 13, they are not eligible to attend the official training or eligible to attempt the certification exam unless they provide the accredited training center (ATC) or EC-Council a written consent of their parent or their legal guardian and a supporting letter from their institution of higher learning. Only applicants from nationally accredited institutions of higher learning shall be considered.

Disclaimer

• EC-Council reserves the right to impose additional restriction to comply with the policy. Failure to act in accordance with this clause shall render the authorized training center (ATC) in violation of their agreement with EC-Council. EC-Council reserves the right to revoke the certification of any person in breach of this requirement.

There are no prerequisites for this training. However, the knowledge and skills you are recommended to have before attending this training are: 

• Cisco CCNP Security or equivalent knowledge

These skills can be found in the following Cisco Learning Offering: 

• Implementing and Operating Cisco Security Core Technologies (SCOR)

Course Outline

Module 1: Overview of Splunk Enterprise and Splunk Cloud

Module 2: Splunk Enterprise and Splunk Cloud Components

Module 3: Splunk Enterprise Data Ingestion

Module 4: Splunk Search Programming Language

Module 5: Splunk Dashboards and Reports

Module 6: XDR, SIEM, and SOAR Platforms

Module 7: Cisco XDR, Splunk SIEM, and Splunk SOAR

Module 8: Cisco Security Cloud App

Module 9: Cisco Secure Firewall Integration

Module 10: Cisco Splunk Enterprise Integration

Module 11: Cisco Secure Malware Analytics, Duo, Secure Network Analytics, Email Threat Defense, and Multicloud Defense Integrations

Module 12: Cisco Security Legacy Apps and Technology Add-Ons

Module 13: Cisco ISE Integration

Module 14: Cisco NVM Integration

Module 15: Cisco Security Solutions and Splunk Use Case

Module 16: Cisco Splunk Use Case

Module 17: Troubleshoot General Splunk Issues

Module 18: Troubleshoot Cisco Security Cloud App

Module 19: Troubleshoot Cisco Legacy Apps and Add-ons

Lab Outline

• Lab 1: Explore Splunk Indexes
• Lab 2: Explore Splunk Web and CLI
• Lab 3: Verify and Test Data Ingestion
• Lab 4: Malware Events Analysis Using Splunk Enterprise Simulation
• Lab 5: Perform Search Queries
• Lab 6: Create Dashboards and Reports
• Lab 7: Explore Splunk SOAR
• Lab 8: Explore Cisco XDR Incident Investigation
• Lab 9: Cisco Secure Firewall Integration with Splunk
• Lab 10: Cisco XDR to Splunk Enterprise Integration Simulation
• Lab 11: Cisco Duo Integration Simulation
• Lab 12: Cisco SMA Integration Simulation
• Lab 13: Cisco SNA Integration Simulation
• Lab 14: Explore the Cisco ISE Integration with Splunk Using the Legacy ISE App and TA
• Lab 15: Explore the Cisco NVM Integration with Splunk Using the Legacy CESA App and TA
• Lab 16: Investigate Ransomware Using Splunk Enterprise with the Various Cisco Security Apps
• Lab 17: Troubleshoot Cisco Security Cloud App with Cisco Secure Firewall Integration
• Lab 18: Troubleshooting Cisco ISE Integration with Splunk
• Lab 19: Troubleshooting Cisco NVM Integration with Splunk