Use this quick start guide to collect all the information about Splunk SOAR Automation Developer (SPLK-2003) Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the SPLK-2003 Splunk SOAR Certified Automation Developer exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual Splunk SOAR Automation Developer certification exam.
The Splunk SOAR Automation Developer certification is mainly targeted to those candidates who want to build their career in SOAR domain. The Splunk SOAR Certified Automation Developer exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of Splunk SOAR Automation Developer.
Splunk SOAR Automation Developer Exam Summary:
| Exam Name | Splunk SOAR Certified Automation Developer |
| Exam Code | SPLK-2003 |
| Exam Price | $130 (USD) |
| Duration | 60 mins |
| Number of Questions | 45 |
| Passing Score | 700 / 1000 |
| Schedule Exam | Pearson VUE |
| Sample Questions | Splunk SOAR Automation Developer Sample Questions |
| Practice Exam | Splunk SPLK-2003 Certification Practice Exam |
Splunk SPLK-2003 Exam Syllabus Topics:
| Topic | Details | Weights |
|---|---|---|
| Deployment, Installation, and Initial Configuration |
- Describe SOAR operating concepts
- Identify documentation and community resources - Identify installation and upgrade options - Describe SOAR architecture - Configure licenses, administration, and product settings |
5% |
| User Management |
- Configure authentication options
- Add users - Add roles |
5% |
| Apps, Assets, and Playbooks |
- Configure apps
- Configure assets - Configure data ingestion assets - Configure labels and SLAs - Manage playbooks |
5% |
| Analyst Queue |
- Use the Analyst Queue
- Use search features - Create filters - Use the indicator view |
5% |
| The Investigation Page |
- Use the Investigation page to work on events
- Manually run actions and examine action results - Manually run playbooks - Use the file tab to store related files |
10% |
| Case Management and Workbooks |
- Use case management for complex investigations
- Use workbooks - Mark items as evidence |
5% |
| Customizations |
- Customize severity levels
- Customize CEF fields - Customize status values - Customize workbooks - Add global custom fields to containers |
5% |
| System Maintenance |
- Run reports
- Use system health displays - Examine health logs |
5% |
| Introduction to Playbooks |
- Understand automation best practices
- Describe playbook capabilities - Determine available app actions - Use I2A2 design methodology |
5% |
| Visual Playbook Editor |
- Use the visual playbook editor
- Execute actions from a playbook - Test new playbooks |
5% |
| Logic, Filters, and User Interaction |
- Use decision blocks
- Use filter blocks to process data - Describe the use of different join options - Interact with users during playbook execution |
5% |
| Formatted Output and Data Access |
- Use Format blocks to structure data
- Understand the structure of action results - Compose datapaths to access data - Use the utility block to modify containers |
5% |
| Modular Playbook Development |
- Design modular solutions with interacting playbooks
- Invoke child playbooks from a parent - Exchange data between playbooks |
5% |
| Custom Lists and Data Routing |
- Create custom lists
- Access lists from playbooks - Use filters to control data flow |
5% |
| Configuring External Splunk Search |
- Describe the benefits of externalizing search to Splunk
- Configure the SOAR instance for externalization - Configure the Splunk instance for externalization - Use reindex to push existing content to the Splunk instance - Use the Splunk app for Phantom Reporting |
5% |
| Integrating SOAR into Splunk |
- Install the Splunk App for SOAR Export
- Send Enterprise Security notables to SOAR - Install and configure the Splunk app in SOAR - Use Splunk search from playbooks |
10% |
| Custom Coding |
- Describe when and when not to use the global block
- Use custom function blocks - Write and test custom SOAR code |
5% |
| Using REST |
- Describe the capabilities of SOAR REST API
- Use Django queries to search for data in SOAR - Use SOAR REST from other systems to access SOAR data |
5% |
To ensure success in Splunk SOAR Automation Developer certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for Splunk SOAR Certified Automation Developer (SPLK-2003) exam.