Course Description
A Splunk Enterprise Security Certified Admin manages a Splunk Enterprise Security environment, including ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customizations. This exam demonstrates the candidate’s ability to install, configure, and manage a Splunk Enterprise Security deployment.
The Splunk Enterprise Security (ES) Certified Admin exam is the final step towards completion of the Splunk ES Certified Admin certification.
Program Objectives
- Identifying normal ES use cases
- Examining deployment requirements for typical ES installs
- Knowing how to install ES and gather information for lookups
- Knowing the steps for setting up inputs using technology add-ons
- Creating custom correlation searches
- Configuring ES risk analysis, threat, and protocol intelligence
- Fine-tuning ES settings and other customizations
Prerequisites
Recommended Prerequisite Courses
Candidates for this exam are recommended to complete the lectures, hands-on labs, and quizzes that are part of the following courses:
Either
- Splunk Enterprise System Administration
- Splunk Enterprise Data Administration
Or
- Splunk Cloud Administration
And
- Administering Splunk Enterprise Security
Course Features
- Lectures: 30
- Quizzes: 0
- Duration: 12 hours
- Skill level: All levels
- Language: English
- Students: 306
- Certificate: No
- Assessments: Yes