SIEM Core Curriculum
Gain structured, hands-on knowledge of SIEM fundamentals—data ingestion, normalization, indexing, search, and detection logic—through a progressive, real-world curriculum built around Splunk.
Platform-Focused Guidance
Learn how SIEM platforms actually work under the hood. Concepts are taught from an architectural and data-engineering perspective, with clear explanations of why configurations, searches, and detections behave the way they do.
Hands-On SIEM Labs
Apply what you learn by building ingestion pipelines, writing SPL searches, creating detections, and validating data quality through practical, guided SIEM labs.
About the Course
The TechForward SIEM Program teaches the fundamentals of modern SIEM platforms through hands-on learning. You’ll work with real data, build ingestion pipelines, write searches, and create detections using Splunk—focusing on how SIEMs actually work, not just how to use them.
Meet Your Instructor, Debo Akonai
Hello, I’m Debo, a cybersecurity professional with a strong background in security fundamentals, Linux systems, cloud platforms, and core IT infrastructure. Throughout my career, I’ve learned that effective security starts with understanding how systems actually work—from operating systems and networks to cloud environments and identity. This course is designed to help you build that foundation. My goal is to equip you with practical knowledge in IT and security essentials so you can understand what you’re protecting, how environments are built, and why security controls behave the way they do. With the right fundamentals in place, everything else in cybersecurity becomes clearer and more effective.
Course Curriculum
Domain 1 - Splunk Foundations & Architecture
(Included in full purchase)
Module 1 - What is Big Data? The 4 v's of big data?
Module 2 - What is Splunk? (Use cases, product overview)
Module 3 - Splunk components: Indexer, Search Head, Forwarders, Deployment Server, Heavy Forwarder
Module 4 - Indexing pipeline (Parsing, Indexing, Searching)
Module 5 - Licensing and deployment options
Module 6 - Demo: Install Splunk Enterprise on Linux
Module 7 - Understanding the Splunk Application
Module 8 - Upgrading Splunk
Module 9 - Demo: Upgrading Splunk Enterprise on Linux
Module 10 - Introduction to Splunk Search Interface
Domain 2 - Search Fundamentals for Administrators
Module 1 - Basic Search Syntax
Module 2 - Essential Search Commands
Module 3 - Working with Time and Fields
Module - Lab - Validate Data Ingestion with Search
Domain 3 - Data Ingestion & Indexing Pipeline
Writing Automated Tests
Module 1 - Inputs overview: Monitor, TCP/UDP, Scripted
Module 2 - Data flow: Parsing queue to Indexing queue
Module 3 - Index-time vs Search-time operations
Module 4 - Bucket types, structure, and retention
Module 5 - Configuring inputs.conf and indexes.conf
Module 6 - Hands-on: Ingest sample logs and verify indexing
Domain 4 - Forwarders, Routing & Deployment Server
Module 1 - Universal Forwarder vs Heavy Forwarder
Module 2 - Installing and configuring forwarders
Module 3 - outputs.conf: routing to indexers or HFs
Module 4 - Configuring Deployment Server (serverclass.conf)
Module 5 - Best practices for forwarder management
Module 6 - Lab: Manage multiple forwarders with Deployment Server
Domain 5 - Data Parsing, Normalization & Syslog Pipelines
Module 1 - props.conf overview: LINE_BREAKER, TIME_PREFIX, etc.
Module 2 - Timestamp extraction, event breaking
Module 3 - transforms.conf: field extractions, routing, masking
Module 4 - Index-time vs Search-time field extraction
Module 5 - Best practices for onboarding structured/unstructured logs
Module 6 - Lab: Mask and route logs using transforms
Module 7 - Syslog, syslog-ng, and rsyslog for log ingestion
Domain 6 - Splunk Security, Authentication & Encryption
Module 1 - Security & Authentication
Module 2 - Role-based access control (authorize.conf)
Module 3 - Enabling and configuring TLS/SSL
Module 4 - Secure communication: Forwarders to Indexers
Module 5 - Lab: Implement TLS and configure secure roles
Domain 7 - Distributed Architecture & Clustering
Module 1 - Distributed Search
Module 2 - Search Head and Search Peer setup
Module 3 - Search bundles and knowledge object replication
Module 4 - KV Store: use cases and configuration
Module 5 - Lab: Connect multiple indexers to a search head
Module 6 - Indexer Clustering - What is indexer clustering? When to use it
Module 7 - Cluster Master, Peer Nodes, and Search Heads
Module 8 - Replication Factor (RF) and Search Factor (SF)
Module 9 - Bucket replication and failure recovery
Module 10 - Configuration files: server.conf, indexes.conf
Module 11 - Lab: Deploy a 3-node indexer cluster
Module 12 - Search Head Clustering - Overview of Search Head Clustering
Module 13 - Deployer configuration and app bundling
Module 14 - Cluster members communication and state sync
Module 15 - Troubleshooting SHC replication and conflicts
Module 16 - Lab: Set up a 3-node Search Head Cluster with Deployer
Domain 8 - Advanced Search & Development
Module 1 - Components of the Search Head
Module 2 - SPL (Search Processing Language)
Module 3 - CIM (Common Information Model)
Module 4 - Building Production Splunk Apps
Domain 9 - Final Splunk Enterprise Architecture Project 1
Module 1 - Final Capstone Project 1 - Design Core Splunk Backend Architecture (Domains 1, 2, 3, 6)
Module 2 - Implement core Splunk roles (Domains 1, 2, 3, 6)
Module 3 - Implement ingestion & routing using core configs (Domains 2 & 3)
Module 4 - Validate distributed search, clustering, and data flow (Domain 6)
Module 5 - Document and present architecture
Domain 10 - Final Splunk Enterprise Architecture Project 2
Module 1 - Final Capstone Project 2 - Refine & extend architecture (Domains 1, 2, 3, 6)
Module 2 - Implement full parsing & normalization pipeline (Domain 4)
Module 3 - Implement security, authentication & TLS (Domain 5)
Module 4 - End-to-end validation: data, clustering, security (Domains 2, 4, 5, 6)
Module 5 - Final presentation & documentation (Domains 1–6)
Ready to Build Core SIEM Skills?
Gain hands-on experience with log ingestion, search, detection logic, and automation using Splunk. Build a strong SIEM foundation you can apply immediately in real environments.
$1,000.00 first payment, $25.00 / month onwards