Elastic Certified Analyst
1. Certification Name and Issuing Body
Full certification name: Elastic Certified Analyst
Issuing organization: Elastic (Elastic.co)
Official website: https://www.elastic.co/training/elastic-certified-analyst
2. Certification Level and Type
Level: Intermediate
Type: Technical (Security Analytics / SIEM)
3. Purpose and Goals
What skills does it certify?
Ability to search, analyze, and visualize data within the Elastic Stack; create dashboards, filter and correlate events; use Kibana effectively for operational and security monitoring
Target roles or profiles:
SOC Analyst, Security Data Analyst, SIEM Specialist, Threat Detection Analyst
Practical applications:
Daily log analysis, dashboard creation, event investigation, detection rule tuning, and incident monitoring using Kibana and Elasticsearch
4. Prerequisites
Recommended prior certifications:
None required, but familiarity with Kibana and Elasticsearch is strongly recommended
Suggested experience:
6–12 months of hands-on experience using the Elastic Stack
Required technical knowledge:
Basic understanding of JSON, log formats, field mapping, search syntax (Lucene/KQL), dashboards, and time-series analysis
5. Content and Curriculum
Key domains/modules:
Data Exploration using Discover
Filtering, Sorting, and Searching with KQL
Aggregations and Data Breakdown
Creating Visualizations and Dashboards
Data Field Formatting and Metadata
Alerting and Kibana Lens
Technologies/tools:
Elasticsearch, Kibana (Lens, Visual Builder, Discover, Dashboard), KQL, Elastic Cloud
Framework mapping:
Aligns indirectly with NIST CSF (Detect) and MITRE ATT&CK (via Elastic Security SIEM integration)
6. Learning Approach
Style: 100% practical, hands-on in a live environment
Labs/environments: Interactive lab environment during exam (browser-based, Elastic Cloud instance)
Materials: Elastic training portal, practice exercises, official documentation, video tutorials
Recommended platforms: Elastic Cloud (free trial), Elastic Training, CyberDefenders (ELK challenges)
7. Exam Format and Details
Mode: Online, proctored (webcam + screen monitoring)
Duration: 90 minutes
Questions: Task-based in a live Kibana environment
Languages: English
Passing score: ~70% (not officially disclosed)
Retake policy: One retake included
Certification validity: 2 years
8. Estimated Cost
Exam fee: $200 USD
Training cost (optional): $600–$1,000 USD for official courses
Retake cost: Free retake included within 12 months of purchase
9. Industry Recognition
Demand/popularity: Increasingly valued in companies using Elastic as a SIEM/log platform
Organizations that value it: MSSPs, SOCs, fintechs, tech companies using ELK for observability or security
Comparison:
More technical and tool-specific than CySA+
Less conceptual than GCIH or GCIA, but deeper hands-on experience with Elastic tools
Comparable to Splunk Core Certified Power User (Elastic-focused alternative)
10. Career Opportunities
Job roles:
SOC Analyst (L1/L2), SIEM Analyst, Threat Detection Analyst, Logging Engineer
Suggested paths:
Elastic Certified Analyst → Elastic Certified Engineer / Elastic Security Analyst
CySA+ + Elastic Analyst = Solid Blue Team Data Operations Profile
11. Average Salary
USA: $75,000–$95,000/year
Europe: €45,000–€70,000/year
Salary impact: High in Elastic-based SOCs; very useful in DevSecOps/observability teams
(Sources: LinkedIn job data, Elastic training partners)
12. Renewal and Maintenance
Validity: 2 years
Renewal options:
Retake the latest version of the exam
Enroll in updated training and certification path
13. Final Recommendations
Ideal for:
SOC analysts and log reviewers working in environments using the ELK stack or Elastic Cloud
When to pursue:
After initial SIEM/log experience, or alongside CySA+/SC-200
Tips:
Use Elastic Cloud for practice. Master KQL and visualizations. Focus on use cases like alert creation, threat correlation, and time-based filtering.