Splunk Phantom Admin
Review for the SPLK 2003 Splunk Phantom Certified Admin certificate
Stats
- Study time: 5 half days of virtual training
- Exam time: 28 minutes
- Result: PASS
Study resources
- Test blueprint: https://www.splunk.com/pdfs/training/Splunk-Test-Blueprint-Phantom.pdf
- Administering Phantom: https://www.splunk.com/en_us/training/courses/introduction-to-phantom.html
- Developing Phantom Playbooks: https://www.splunk.com/en_us/training/courses/developing-phantom-playbooks.html
- Advanced Phantom Implementation: https://www.splunk.com/en_us/training/courses/advanced-phantom-implementation.html
Review
Apart from the actual playbook logic and data paths, make sure you are familiar with the GUI and the integration with Splunk. Key areas include:
- Connection with Splunk
- Web console GUI
- Data paths
- REST API endpoints and filters
- Filters vs decisions