Splunk Enterprise Security Certified Admin
Are you a visual learner? Download the certification track flowchart here.
A Splunk Certified Enterprise Security Admin manages a Splunk Enterprise Security environment, including ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customizations. This certification demonstrates an individual's ability to install, configure, and manage a Splunk Enterprise Security deployment.
Please note: There are two approved coursework paths for this certification track. Candidates may complete either Splunk Enterprise System Administration and Splunk Enterprise Data Administration or Splunk Cloud Administration as part of this certification track. All courses are linked below for reference.
This 2 virtual day course is designed for system administrators who manage a Splunk Enterprise environment. Topics include Splunk license manager, indexers and search heads, configuration, management, and monitoring.
This 3 virtual day course is for data administrators who are responsible for getting data into Splunk. The course provides content about Splunk forwarders and methods to get remote data into Splunk.
This 3 virtual day course prepares administrators to manage users and get data in to Splunk Cloud. Topics include data inputs and forwarder configuration, data management, user accounts, and basic monitoring.
This 3 virtual day course prepares architects and systems administrators to install, configure and manage the Splunk App for Enterprise Security.