Note: This is an Interactive Workshop Session. Please bring your own laptop to dive into product use cases, walk through real scenarios and demo as you go. Attendance is capped based on content and sessions will not be recorded.
Sooooooooooo, guess what.
.conf25 is almost here, and if you're on the Security Learning Path, this is your moment to level up. Whether you’re just getting started or deep in the weeds of detection engineering, this year’s conference is packed with content designed to help you sharpen your skills, modernize your SOC, and stay ahead of evolving threats.
With 200+ sessions across all skill levels, it can be overwhelming to know where to start. That’s why we’ve curated a list of sessions, sorted by learning level and spanning different products, that security practitioners won't want to miss.
SEC1123 - Enterprise Security 8.1: Enhanced Detection and Investigation for the SOC
Tuesday, Sep 9 | 10:30 AM - 11:30 AM EDT
Bad actors thrive on chaos, but luckily Splunk Enterprise Security offers enhanced detection and investigation capabilities. In this interactive workshop, attendees will be introduced to these capabilities and will learn how to review findings, start an investigation, conduct analysis, and set the investigation's status, urgency, and sensitivity, shortening mean-time-to-respond.
SEC1467 — Risk to Rewards: Apply Machine Learning to Enhance Risk-Based Alerting
Tuesday, Sept 9 | 12:30–1:45 PM EDT
Congratulations, you made the big transition to risk-based alerting. Your focus is now on risk objects so you can reap the rewards of a reduced number of notables. Learn powerful techniques such as clustering risky objects, identifying risk scores, and detecting firewall exploitation by malware. Join us and learn how to apply these machine learning methods for greater insight into your organization's risk posture.
Note: This is an Interactive Workshop Session. Please bring your own laptop to dive into product use cases, walk through real scenarios and demo as you go. Attendance is capped based on content and sessions will not be recorded.
SEC1196 — The Automation Games: An Interactive Workshop with Splunk® SOAR
Wednesday, Sept 10 | 10:30 AM–12:30 PM EDT
Let's get ready to automate! The Automation Games provides a peek into how automation and orchestration features in Splunk® SOAR can help security teams automate repetitive tasks, respond to security incidents faster, increase productivity and efficiency, and strengthen defenses across your organization. The Automation Games are a fun and challenging competition among peers who want to learn how to leverage Splunk® SOAR in their security operations.
Note: This is an Interactive Workshop Session. Please bring your own laptop to dive into product use cases, walk through real scenarios and demo as you go. Attendance is capped based on content and sessions will not be recorded.
SEC1929 - Rebooting Splunk UEBA: Leveraging the New UEBA’s AI/ML Models
Wednesday, Sep 10 | 9:00 AM - 9:45 AM EDT
Help your team effortlessly find the needle in your existing data haystack. Learn how you can really use the AI/ML behind Splunk’s newly rebooted user and entity behavior analytics (UEBA) module to power better detections at scale while using all of your existing data. If you'd like to better detect lurking risks without developing your own advanced AI powered logic, join this session to learn about UEBA's recent (re-) evolution, development, and real-world applicability.
SEC1636 — print(f"Hello, {attendee_name}. Let's Automate!"): Using Detection as Code to Manage Your Content Development Lifecycle
Tuesday, Sept 9 | 11:00–11:20 AM EDT
Detection Engineering is hard and "click ops" is just not good enough to keep up with the needs of the modern security operations environment. YAML, Python, Git, and the CI/CD pipeline have entered the DaC chat! We'll help you by demonstrating how to build YAML code files with a common schema, how you can test your rules, and post them to Splunk. Join us and learn how to take your content management procedures from zero to hero using these common household items and a little "can do" spirit.
SEC1224 — Mastering the Detection Engineering Lifecycle: From Data Ingestion to Detection Triumph
Wednesday, Sept 10 | 1:30–3:15 PM EDT
Unlock the full potential of your security operations team in this comprehensive workshop on detection engineering. Dive into the critical steps of getting data into Splunk, learn how to build robust detections, and explore the entire detection engineering lifecycle. Whether you are just getting started or refining your poses, this session will provide practical insights and strategies for turning raw data into actionable intelligence and enhancing your organization’s security posture.
Note: This is an Interactive Workshop Session. Please bring your own laptop to dive into product use cases, walk through real scenarios and demo as you go. Attendance is capped based on content and sessions will not be recorded.
SEC1519 - Diving into Splunk Attack Analyzer Data: 15 Crazy Reasons to Ingest More Phish
Tuesday, Sep 9 | 2:15 PM - 4:00 PM EDT
Join us for an engaging, hands-on session where we dive deep into the vast ocean of telemetry produced by Splunk Attack Analyzer. We will pull back the curtain on the various engines in SAA and go through the TA sourcetype by sourcetype. We’ll reveal the data lurking in the depths and sail through ways to use it to address credential phishing and more. Attendees will gain practical experience and unlock new use cases powered by SAA and the broader Splunk security stack.
Note: This is an Interactive Workshop Session. Please bring your own laptop to dive into product use cases, walk through real scenarios and demo as you go. Attendance is capped based on content and sessions will not be recorded.
Want the full list of security-focused sessions?
These six picks are just the beginning. There are over 20 sessions curated specifically for the Security Learning Path at .conf25—covering everything from SOAR to risk-based alerting to Detection-as-Code. View all Security Sessions
Ready to build your full agenda?
Check out the full .conf25 session catalog and filter by role, product, or learning level to find even more tailored content.
Want to keep leveling up all year long?
Explore the Security Community Learning Path to access curated content, training, and resources designed for security practitioners just like you.
Security threats won’t wait—and neither should you