Splunk Certified Cybersecurity Defense Analyst

Splunk Certified Cybersecurity Defense Analyst Exam

The Splunk Certified Cybersecurity Defense Analyst exam has been developed to demonstrate your proficiency in cybersecurity defense by earning the Splunk Certified Cybersecurity Defense Analyst certification. This exam is tailored for professionals with intermediate experience using Splunk Enterprise and Enterprise Security, focusing on analytics, threat-hunting, risk-based alerting, and best practices within the industry.

Who should take the Exam?

• Career Advancement: Boost your professional profile with a certification that recognizes your capabilities as a Splunk Certified Cybersecurity Defense Analyst.
• SOC Analysts: Strengthen your role in cybersecurity defense by optimizing the use of Splunk Enterprise and Enterprise Security tools.
• Cybersecurity Experts: Enhance your career in Security Operations Center (SOC) analysis or cyber defense by becoming a certified Splunk Cybersecurity Defense Analyst.

Skills Acquired

The Splunk Certified Cybersecurity Defense Analyst exam assesses your ability to identify, analyze, and counter cyber threats using Splunk Enterprise and Enterprise Security. Key topics include comprehending the cyber threat landscape, understanding various threat and attack types, implementing defenses and SIEM best practices, conducting investigations, efficient searching with SPL, and advanced threat-hunting techniques.

Exam Outline

The Splunk Certified Cybersecurity Defense Analyst Exam includes the following key areas:

Domain 1 - Understanding Cyber Landscape, Frameworks, and Standards (10%)

1.1: Outline the typical structure and roles within a Security Operations Center (SOC), including Analysts, Engineers, and Architects.

1.2: Recognize key industry controls, standards, and frameworks and how Splunk integrates them.

1.3: Understand core security principles such as confidentiality, integrity, availability, and basic risk management.

Domain 2 - Understanding Threat and Attack Types, Motivations, and Tactics (20%)

2.1: Identify common cyber threats and attack vectors.

2.2: Understand key concepts like supply chain attacks, ransomware, and social engineering.

2.3: Explore various levels of Threat Intelligence and their applications.

2.4: Understand annotations within Splunk Enterprise Security.

2.5: Recognize the importance of tactics, techniques, and procedures (TTPs) in cybersecurity.

Domain 3 - Understanding Defenses, Data Sources, and SIEM Best Practices (20%)

3.1: Identify critical cyber defense systems and data sources.

3.2: Understand SIEM best practices and foundational concepts in Splunk Enterprise Security.

3.3: Learn how to leverage Splunk Security Essentials and Enterprise Security for assessing data sources.

Domain 4 - Understanding Investigation, Event Handling, Correlation, and Risk (20%)

4.1: Follow the investigation process and understand Splunk's continuous monitoring methodology.

4.2: Understand analyst performance metrics like MTTR and dwell time.

4.3: Accurately assign event dispositions in a security context.

4.4: Master key components of Splunk Enterprise Security, including SPL, Notable Events, and Risk-Based Alerting.

4.5: Familiarize yourself with built-in dashboards and the information they present.

4.6: Understand the essentials of Risk-Based Alerting and how to create correlation searches within Enterprise Security.

Domain 5 - Understanding SPL and Efficient Searching (20%)

5.1: Learn essential SPL terms and their applications in security analysis.

5.2: Apply best practices for crafting efficient searches in Splunk.

5.3: Explore SPL resources available within Splunk Enterprise Security, Splunk Security Essentials, and Splunk Lantern.

Domain 6 - Understanding Threat Hunting and Remediation (10%)

6.1: Identify various threat-hunting techniques and their applications.

6.2: Understand long tail analysis, outlier detection, and hypothesis hunting in Splunk.

6.3: Configure adaptive response actions for appropriate scenarios.

6.4: Learn about SOAR (Security Orchestration, Automation, and Response) playbooks and how to trigger them from Splunk Enterprise Security.