Splunk ecosystem updates

Two recent Splunk-adjacent announcements broaden detection content and analyst training: an AlphaSOC update that maps 70+ detection cases to MITRE ATT&CK, and a free Cisco/Splunk intermediate SOC analyst course on threat hunting shared by a community account. (x.com) Both posts appeared in the last 48 hours and together offer packaged detection content plus a vendor-backed training path for SOC teams. (x.com)

Two new Splunk-adjacent releases this week gave security teams more packaged detections to run and more free training to learn from. (alphasoc.com, netacad.com)

AlphaSOC says its platform maintains managed detections aligned to MITRE ATT&CK, and its documentation now shows detections that can be filtered by ATT&CK tactic and technique inside the findings console. Its architecture page says the engine ingests identity, cloud, application, network, and endpoint telemetry, normalizes it to the Open Cybersecurity Schema Framework (OCSF), and enriches events with threat intelligence from more than 70 sources. (docs.alphasoc.com, docs.alphasoc.com) Examples in AlphaSOC's public detection catalog span phishing, command-and-control, credential access, and cloud control-plane abuse. One page maps traffic to a malicious spear-phishing site to ATT&CK technique T1566, while another maps suspicious Azure API callers to T1078.004, showing how detections are being tagged to specific adversary behavior. (docs.alphasoc.com, docs.alphasoc.com)

MITRE ATT&CK is the industry's common playbook for describing how intruders get in, move around, and steal data. MITRE says the framework is a public knowledge base built from real-world observations, and Splunk already publishes its own ATT&CK Navigator layer to visualize defensive coverage across those techniques. (attack.mitre.org, mitremap.splunkresearch.com)

The training side moved too. Cisco Networking Academy is offering a free course called "The Art of Investigation" that teaches security operations center analyst investigation skills with Splunk and Cisco, including threat detection, incident response, and security analysis. (netacad.com) That course sits next to Splunk's own free Security Operations Center analyst learning path, which has been available since April 9, 2025 and lists eight required e-learning modules. The free path includes "Using Splunk Enterprise Security" and "ES 8.0 Updates for the Splunk SOC," but Splunk notes that the no-cost version does not include hands-on lab exercises. (education.splunk.com) Splunk also publishes a separate course description for "SOC Essentials: Investigating with Splunk," a paid course that trains analysts inside a fictional "Wonderland SOC" using Splunk Enterprise Security, risk-based alerting, and Splunk SOAR. That makes the Cisco Networking Academy class a lower-cost on-ramp for analysts who want guided practice before paid labs or instructor-led training. (splunk.com, netacad.com)

Taken together, the two updates package more of the Splunk workflow into reusable pieces: ATT&CK-tagged detections on one side, and a free investigation course on the other. For security operations teams trying to standardize both content and analyst training, that is the practical change on offer this week. (docs.alphasoc.com, education.splunk.com, netacad.com)
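To make the "ATT&CK-tagged detections feed a Navigator coverage layer" idea concrete, here is an added example (not AlphaSOC's or Splunk's code) that groups a small, constructed detection catalog by technique and tactic, flags entries that carry no ATT&CK tag (those never show up in a coverage map), and emits an ATT&CK Navigator layer; the layer/navigator version numbers are assumptions about the current schema.

```python
import json
from collections import defaultdict

# Constructed sample catalog, modelled on the two entries the briefing names
# (T1566 and T1078.004). The technique IDs are real ATT&CK IDs; the rows are made up.
DETECTIONS = [
    {"name": "Traffic to spear-phishing site", "technique": "T1566", "tactic": "initial-access"},
    {"name": "Phishing attachment opened", "technique": "T1566", "tactic": "initial-access"},
    {"name": "Suspicious Azure API caller", "technique": "T1078.004", "tactic": "persistence"},
    {"name": "Suspicious Azure API caller", "technique": "T1078.004", "tactic": "defense-evasion"},
    {"name": "Beaconing to known C2", "technique": "T1071.001", "tactic": "command-and-control"},
    {"name": "Legacy rule without mapping", "technique": None, "tactic": None},
]


def coverage(detections):
    """Group detection names by (technique, tactic) cell; untagged rows are skipped."""
    cells = defaultdict(list)
    for d in detections:
        if d["technique"] and d["tactic"]:
            cells[(d["technique"], d["tactic"])].append(d["name"])
    return dict(cells)


def untagged(detections):
    """Detections with no ATT&CK mapping: invisible in any coverage view, so report them."""
    return [d["name"] for d in detections if not (d["technique"] and d["tactic"])]


def build_layer(detections, name="Detection coverage"):
    """Return an ATT&CK Navigator layer dict; score = detection count per cell."""
    techniques = []
    for (tech, tactic), names in sorted(coverage(detections).items()):
        techniques.append({
            "techniqueID": tech,
            "tactic": tactic,
            "score": len(names),
            "comment": "; ".join(sorted(set(names))),
        })
    max_score = max((t["score"] for t in techniques), default=1)
    return {
        "name": name,
        # Assumed schema versions; change to match your Navigator deployment.
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Constructed example: detections grouped by technique and tactic",
        "techniques": techniques,
        "gradient": {"colors": ["#ffffff", "#66b032"], "minValue": 0, "maxValue": max_score},
    }


if __name__ == "__main__":
    print("Untagged:", untagged(DETECTIONS))
    print(json.dumps(build_layer(DETECTIONS), indent=2))
```

The resulting JSON can be loaded in ATT&CK Navigator via "Open Existing Layer" to see which techniques from the catalog are covered and how densely.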


Shared from Scout - Be the smartest in the room.