To better prepare myself for my first cybersecurity role I decided to take the Splunk 7.x Fundamentals online course which gave me the basic knowledge of using the SIEM and some good practices to apply in the future.
Using the SIEM reminded me of tasks I was set within my Data Analytics module at university. At uni, I used python libraries such as ‘pandas’ and ‘matplotlib’ to filter down multiple datasets and visualise them into line graphs and bar charts, to be used within a presentation. Using Splunk was a very similar process, using the search bar to filter down data and using the reports and dashboard features to display that data.
I found Splunk very intuitive to use and easy to get to grips with. The UI was very easy to use and the only real issue was remembering the syntax for queries, which I'm sure will come with experience. I felt that both the lectures and especially the labs offered as part of the course were extremely helpful in being able to pick up the application quickly. The lectures gave me a great basic understanding of the application and the labs challenged me to apply what I had learnt. Solutions were also provided for any places where I needed some guidance.
Overall the course was a very enjoyable experience and has helped in developing my skills in Splunk for a cybersecurity role in the future. My only recommendation would be to include practical scenarios in the final quiz, rather than just having the multiple-choice questions in order for students to further test their knowledge.
Now with the basic knowledge of Splunk, I plan on using “Malware-traffic-analysis.net” which will give me scenarios and datasets in order to practice what I have learnt.