Home/Programs/Splunk Certified Cybersecurity Defense Analyst

Splunk

Splunk Certified Cybersecurity Defense Analyst

Grow your skills to start as a SOC analyst using Splunk analytics, threat-hunting, risk-based alerting, and industry best practices. Learn to protect businesses and mitigate risk while managing vulnerabilities and threats using common cyber defense systems for continual security monitoring.

Certification Roadmap

1Module 1-2: SOC Analyst Foundations (Weeks 1-2)

Build the operational mindset and technical foundation for day-to-day cyber defense monitoring.

SOC Workflows

Roles, Triage & Escalation

SOC roles, tiers, and analyst responsibilities · Alert triage and investigation flow · Using Splunk in day-to-day monitoring · Escalation and documentation discipline

Week 1

Security Data Fundamentals

Log Sources & Baselines

Common security log sources and telemetry · Authentication, endpoint, network, and cloud logs · Understanding baselines and abnormal behavior · Field quality and investigation context

Week 1

Analyst Best Practices

Investigation & Communication

Time management in active investigations · Reducing false positives with disciplined review · Evidence handling and case notes · Communicating findings clearly

Week 2

2Module 3-4: Splunk Analytics & Threat Hunting (Weeks 3-4)

Use Splunk analytics to investigate threats and proactively hunt for suspicious behavior.

Security Analytics

Search, Pivot & Correlation

Search patterns for security investigations · Pivoting across users, hosts, IPs, and processes · Correlation of events across data sources · Using dashboards and reports for investigations

Week 3

Threat Hunting Techniques

Hypothesis-Driven Hunting

Hypothesis-driven hunting workflows · Hunting for lateral movement and persistence · Behavioral search strategies · Tracking attacker patterns through telemetry

Week 3

Investigation Efficiency

Reusable Queries & Documentation

Using saved searches and reusable hunt queries · Reducing noise with filtering and scoping · Documenting hunts and outcomes · Turning hunts into operational detections

Week 4

3Module 5-6: Risk-Based Alerting & Detection (Weeks 5-6)

Develop practical alerting strategies that help analysts prioritize the right threats quickly.

Risk-Based Alerting

RBA Concepts & Prioritization

RBA concepts and security value · Risk objects, scores, and prioritization · Using risk context for investigation decisions · Tuning alerts for operational relevance

Week 5

Detection Workflows

Building & Refining Detections

Building and refining useful detections · Alert validation and triage readiness · Mapping detections to common attack patterns · Balancing coverage and alert fatigue

Week 5

Continuous Monitoring

Dashboards & Feedback Loops

Monitoring strategy across key environments · Using dashboards and reports for oversight · Tracking recurring patterns and exposures · Operational feedback loops for tuning

Week 6

4Module 7-8: Vulnerabilities, Threats & Defense Systems (Weeks 7-8)

Work with the kinds of controls and systems analysts use to reduce risk and respond to threats.

Vulnerability Management

Lifecycle & Prioritization

Vulnerability lifecycle and prioritization · Using scanner and asset context in Splunk · Relating exposure to active threats · Driving remediation insights from telemetry

Week 7

Threat Management

Indicators & Escalation

Tracking indicators and suspicious behaviors · Using threat intel context in investigations · Threat validation and escalation decisions · Mitigation-oriented analysis workflows

Week 7

Cyber Defense Systems

Cross-Tool Visibility in Splunk

Common defense tools and telemetry types · Endpoint, firewall, proxy, and identity systems · Using cross-tool visibility in Splunk · Building context across multiple controls

Week 8

5Module 9-10: Capstone & Exam Prep (Weeks 9-10)

Bring together monitoring, threat hunting, and analyst decision-making in realistic defense scenarios.

Cyber Defense Capstone

End-to-End Analyst Scenario

Triage and investigate a realistic alert queue · Hunt for suspicious behavior across multiple sources · Use risk context to prioritize cases · Produce actionable defense recommendations

Week 9

Practice Exams

Mock Tests & Gap Analysis

Full-length defense analyst mock tests · Scenario-based SOC investigation questions · Topic-level review and gap analysis · Detailed answer explanation sessions

Week 9-10

Final Review

Recap & Expert Q&A

Analytics, hunting, and alerting recap · Detection and monitoring review workshop · Analyst workflow pitfalls and guidance · Final expert Q&A

Week 10

Ready to Master this Track?

Get training schedules, role-based pathways, and expert guidance for your certification journey. Our industry-recognized mentors will guide you from fundamentals to professional level.

Request Free Consultation

Explore Category Paths

Program Details

Duration

6-10 Weeks

Mode

Online (Online)

Experience Level

Intermediate

Enroll Now

Talk to an Advisor