Understanding Threats and Attacks


Course Description

You can't defend against what you don't understand. This course, delivered by Cisco Networking Academy in partnership with Splunk, gives you a comprehensive understanding of the threat landscape. You'll learn about different types of cyber threats, attack vectors, and the tactics, techniques, and procedures (TTPs) used by adversaries.

The course covers the cyber kill chain, MITRE ATT&CK framework, common attack patterns (phishing, malware, ransomware, DoS, man-in-the-middle), and how to identify and analyze them. You'll use Splunk to hunt for signs of these attacks in real-world data. This is the knowledge every security analyst needs to recognize an attack in progress.

This free, self-paced course takes about 15 hours to complete. It's ideal for aspiring security analysts, incident responders, and anyone who needs to understand the threat landscape. Upon completion, you'll earn an official Cisco digital badge.

Course Provider

Provider: Cisco Networking Academy in partnership with Splunk, a leading provider of security analytics and SIEM platforms.

Platform: Cisco NetAcad online platform – fully online, self-paced, with integrated virtual labs using Splunk.

Accreditation: This course builds foundational threat intelligence skills highly valued by security operations centers (SOCs). It's excellent preparation for roles like security analyst, threat hunter, and incident responder.

Course Syllabus (Key Modules)

Module 1: Introduction to Cyber Threats – Threat actors, motivations, capabilities. Types of threats (malware, phishing, DDoS, insider threats, APTs).
Module 2: The Cyber Kill Chain – Reconnaissance, weaponization, delivery, exploitation, installation, command & control, actions on objectives.
Module 3: MITRE ATT&CK Framework – Understanding tactics, techniques, and procedures (TTPs). Using ATT&CK for threat analysis and detection.
Module 4: Common Attack Patterns – Phishing, social engineering, malware (trojans, ransomware, worms), man-in-the-middle, SQL injection, cross-site scripting, DoS/DDoS.
Module 5: Threat Intelligence – Collecting, analyzing, and acting on threat intelligence. IOCs (indicators of compromise) vs TTPs.
Module 6: Detecting Threats with Splunk – Searching for IOCs, creating alerts, using threat intelligence feeds, and investigating suspicious activity.
Module 7: Real-World Attack Analysis – Hands-on labs analyzing actual attack data (phishing campaign, ransomware outbreak, data exfiltration).

Learning Objectives

  • Identify different types of cyber threats and threat actors.
  • Understand the cyber kill chain and MITRE ATT&CK framework.
  • Recognize common attack patterns (phishing, malware, DoS, etc.).
  • Collect and use threat intelligence for proactive defense.
  • Search for indicators of compromise (IOCs) using Splunk.
  • Analyze real-world attack data to understand adversary behavior.
  • Earn a Cisco digital badge demonstrating threat knowledge.

Course Prerequisites

Technical: Basic understanding of networking (IP addresses, ports, protocols) and cybersecurity concepts. Prior completion of Cisco's Introduction to Cybersecurity or Network Defense is recommended.

Recommended prior courses: Introduction to Cybersecurity, Networking Basics, or equivalent knowledge.

Who should take this: Aspiring security analysts, threat hunters, incident responders, IT professionals, and anyone who needs to understand the threat landscape.

User Reviews

★★★★★ Carlos Mendez

"This course finally made the threat landscape click for me. The Cyber Kill Chain and MITRE ATT&CK modules are worth the entire course. Now I can look at an attack and understand the phases: reconnaissance, delivery, exploitation, etc. The Splunk labs for hunting IOCs were practical and engaging. Highly recommended for anyone starting in security analysis."

★★★★★ Fatima Al-Hassan

"I took this course alongside The Art of Investigation, and they complement each other perfectly. This one gives you the knowledge of what to look for; the other teaches you how to investigate. The real-world attack analysis labs (phishing, ransomware) were intense but very rewarding. I feel much more prepared for SOC analyst interviews."

★★★★☆ Tom Wilson – June 20, 2026

"Excellent content on threat types and frameworks. The MITRE ATT&CK module is particularly valuable—it's the industry standard. The Splunk integration is good, but the course assumes you've already taken The Art of Investigation or have basic Splunk knowledge. Take that course first if you're new to Splunk. Otherwise, a solid course."

Based on 720+ ratings on Cisco NetAcad.

💡 Final Thoughts

Knowledge is power, especially in cybersecurity. This course gives you a systematic way to understand threats and attacks, using industry-standard frameworks like the Cyber Kill Chain and MITRE ATT&CK. You won't just memorize a list of attack names; you'll understand how attacks work, what they look like in logs, and how to hunt for them using Splunk. The hands-on labs are excellent—you'll analyze real attack data, not hypothetical scenarios. This course pairs perfectly with "The Art of Investigation." Take them together for a complete foundation in security operations. Free, practical, and directly applicable to SOC roles. Highly recommended.

Understanding Threats and Attacks – FAQ

Is this course really free?

Yes, completely free. Cisco Networking Academy offers this course at no cost. You just need a free NetAcad account.

Do I need prior Splunk experience?

Some basic familiarity with Splunk is helpful. Consider taking "The Art of Investigation" course first if you're completely new to Splunk.

How long does the course take?

The course is self-paced and takes approximately 15 hours. Plan to spend a few hours per week over several weeks.

Will I receive a certificate or badge?

Yes, upon passing the final exam, you'll earn an official Cisco digital badge. You can share it on LinkedIn and other platforms.

What is the MITRE ATT&CK framework?

It's a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It's the industry standard for describing and understanding cyber attacks.

How does this course help with my career?

Understanding threats and attacks is foundational for security analysts, threat hunters, and incident responders. This course gives you the knowledge and hands-on skills to recognize attacks and protect organizations.