Security Operations and the Defense Analyst
Course Description
Security operations centers (SOCs) are the front line of defense against cyber attacks, and Splunk is one of the most widely used tools in those SOCs. This course, developed by Cisco Networking Academy in partnership with Splunk, trains you for the real-world role of a defense analyst.
You'll learn how to use Splunk to ingest, search, and analyze security data from across an organization. The course covers SIEM (Security Information and Event Management) fundamentals, log analysis, threat hunting, creating dashboards, and incident response workflows. You'll work in hands-on Splunk labs—no installation required—investigating realistic security scenarios.
This free, self-paced course takes about 20 hours to complete. It's ideal for aspiring security analysts, SOC professionals, and anyone who wants to learn Splunk for cybersecurity. Upon completion, you'll earn an official Cisco digital badge that proves your Splunk security operations skills.
Course Provider
Provider: Cisco Networking Academy, in partnership with Splunk, a leader in security data and analytics platforms.
Platform: Cisco NetAcad online platform – fully online, self-paced, with integrated Splunk labs (no software installation required).
Accreditation: This course aligns with industry standards for security operations and Splunk fundamentals. It's excellent preparation for Splunk certifications and SOC analyst roles.
Course Syllabus (Key Modules)
Learning Objectives
- Understand the daily work of a defense analyst in a SOC.
- Navigate and search in Splunk using Splunk Processing Language (SPL).
- Ingest and normalize security data from various sources (firewalls, endpoints, servers).
- Investigate security events and detect malicious activity using log analysis.
- Proactively hunt for threats that evade automated detection.
- Build dashboards and configure alerts for ongoing monitoring.
- Support incident response workflows using Splunk.
- Earn a Cisco digital badge demonstrating Splunk security operations skills.
Course Prerequisites
Technical: Solid understanding of networking fundamentals and basic cybersecurity concepts. Experience with log analysis or SIEM tools is helpful but not required.
Recommended prior courses: Networking Basics, Introduction to Cybersecurity, and Network Defense (Cisco) or equivalent knowledge.
Who should take this: Aspiring security analysts, SOC professionals, IT professionals transitioning to security, and anyone who wants to learn Splunk for security.
User Reviews
"This course is a gem. Splunk is everywhere in SOCs, and learning it for free with Cisco is amazing. The hands-on labs are realistic—you're investigating actual security scenarios, not just clicking through demos. The search language module was challenging at first, but now I can write SPL queries confidently. I landed a SOC analyst interview partly because of this course. Highly recommend."
"Excellent introduction to both SOC operations and Splunk. The threat hunting module was my favorite. The only downside is that some labs require careful reading; if you miss a step, it can be frustrating. But that's realistic for security work. The Cisco badge is a solid credential. Worth every hour."
"I've been a system administrator for years and wanted to move into security. This course was the bridge I needed. Learning Splunk specifically was key because it's used by so many companies. The capstone investigation ties everything together perfectly. I've already started using Splunk Free at work to analyze our logs. Thank you Cisco and Splunk!"
Based on 800+ ratings on Cisco NetAcad.
Final Thoughts
Splunk is a dominant force in security operations. If you want to work in a SOC, you need to know it. This free Cisco course is the best way I've seen to learn Splunk specifically for security analysis. You'll get hands-on with real Splunk labs, searching logs, hunting threats, and building dashboards. The course also teaches the broader context of SOC work—what defense analysts actually do all day. The Cisco + Splunk badge is a legitimate credential. A few years ago, Splunk training cost thousands of dollars. Now it's free. Take advantage of it. Your future SOC career will thank you.
Security Operations and Defense Analyst (Splunk, Cisco) – FAQ
Is this course really free?
Yes, completely free. Cisco Networking Academy offers this course at no cost. You just need a free NetAcad account.
Do I need prior Splunk experience?
No. The course starts with Splunk fundamentals. However, you do need solid networking and basic cybersecurity knowledge.
Will I be a SOC analyst after this course?
This course provides essential skills, but real-world SOC work also requires experience and often additional certifications. Use this as a strong foundation and portfolio piece.
Does the course include hands-on Splunk labs?
Yes. You'll use a virtual Splunk environment within the course. No software installation required.
Will I receive a certificate or badge?
Yes, upon passing the final exam, you'll earn an official Cisco digital badge. You can share it on LinkedIn and other platforms.
How does this differ from Network Defense?
Network Defense focuses on configuring firewalls, IDS/IPS, and VPNs. This course focuses on using Splunk for security monitoring, threat hunting, and incident response—the work of a SOC analyst. They are complementary.