Splunk Enterprise Security

Enterprise Security Admin vs User overlap and certification

professor_butte
New Member

I've been using and administering Splunk Enterprise since Splunk 4. I have certifications up to the current Splunk Architect level.

While I don't know that this will help any sort of transition, I'm interested in a move to cybersecurity and I'm looking at the one Splunk Enterprise Security certification that Splunk offers (Admin).

When reading the course descriptions, it seems to me that there's a lot of overlap between the "Using Splunk for Enterprise Security" course and the "Administering Splunk for Enterprise Security" course.

Does anyone know if taking the admin course would actually cover most of what's in the Using course? That is, would being an admin mostly prepare you to be a user as well or do you really have to take both to understand anything other than being an admin?

I ask because I was unable to access SES at my previous job (just used Splunk in the regular IT sense). I find myself unemployed at the moment and while I can't show any experience on the SES side, I would like to at least show that I've done something serious with regard to SES.

Thanks very much

Mark

0 Karma
1 Solution

skalliger
SplunkTrust

The ES Admin course will give you a nice overview of the frameworks ES is running on and how to use them. It's key to understand them if you ever want to get into a big ES deployment which should run smoothly.

It totally depends on how an organisation works with ES, but the course is good for beginners to understand what makes ES different from "core" (Splunk Enterprise) and the reasons why it's used by so many.

Skalli

0 Karma

professor_butte
New Member

Thanks very much.

0 Karma