Accredited ES Implementation
Being accredited in ES Implementation, your job is to design and implement Splunk Enterprise Security (ES) following best practices
You will learn how to:
-
Onboard data following Splunk's Common Information Model (CIM)
-
Correctly install Enterprise Security and configure with necessary correlation data
-
Implement basic security use cases in the ES product
​
The pre-requisites are Splunk Accredited Implementation Fundamentals or Splunk Accredited Core Implementation
Learning Path
The Using Enterprise Security course prepares security practitioners to track security incidents, analyse security risks, use predictive analytics, and threat discovery.
The Using Enterprise Security course covers the use of Enterprise Security’s dashboards, forms and workflow to identify, find root cause and resolve security issues.
The Administering Enterprise Security course prepares architects and systems administrators to install, configure and manage Splunk Enterprise Security.
The Administering Enterprise Security covers ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customizations.
This exam is free of charge in the Splunk partner portal
-
ES Implementation Course Overview
-
Introduction to Basic Security Principals
-
Splunk Sizing Calculators
-
Installing Splunk for ES
-
Onboarding Data
-
Installing ES with Best Practices Deployment Guide
-
ES Under-the-Hood (2-Parts)
-
Enterprise Security 6.x Refresh
-
ES Frameworks
-
ES Integrations
-
Configuring ES with the Best Practices Deployment Guide
-
Splunk Security Use Cases
-
Risk Based Alerting
-
MITRE ATT&CK
-
Upgrading ES
-
Troubleshooting ES
-
ES Implementation Accreditation Practice Lab 1 - Services eLearning Series
-
ES Implementation Accreditation Practice Lab 2 - Services eLearning Series
-
ES Implementation Accreditation Practice Lab 3 - Services eLearning Series
Certifications Exam
When you’re ready to take a Splunk Certification exam, please view the Exam-Registration-Tutorial for registration assistance. As a reminder, each exam attempt costs US$125. Bulk registration vouchers can be purchased at a discounted price of five registrations for US$500.
How to register for your exam
​
There are three ways to purchase a PearsonVUE registration voucher:
​
1) Directly from PearsonVUE
This is the most streamlined approach. Follow the steps for account creation and exam registration provided at www.pearsonvue.com/splunk
Payment will be collected at the time of registration. You can also visit the Pearson VUE voucher store for direct purchase.
​
2) From Splunk (as an individual)
Log into your existing account at Splunk.com/Education to purchase a registration code. Payment can be made via credit card or existing Splunk Education credits. Splunk will email you a unique registration code, which can be used for registration at www.pearsonvue.com/splunk .
3) From Splunk (as an account)
Your Splunk Sales Rep can add certification exams to any deal. Once the number of vouchers has been requested, Splunk will email your unique registration codes, which can be used for registration at www.pearsonvue.com/splunk
​
All scheduled exams are subject to a minimum 24-hour cancellation and/or rescheduling policy. Failure to cancel or reschedule an exam within this timeframe results in forfeiture of registration fee.