Advanced SOAR Implementation
Upcoming Classes
Online
Instructor-led online training
| Location | Mar 2023 | Apr 2023 | May 2023 | Jun 2023 | Jul 2023 | Aug 2023 | Sep 2023 |
|---|---|---|---|---|---|---|---|
| APAC Singapore - Virtual |
Apr 26 – Apr 28 |
May 31 – Jun 2 |
Jul 26 – Jul 28 |
Sep 25 – Sep 27 |
|||
| EMEA UK Time - Virtual |
May 17 – May 19 |
Jun 14 – Jun 16 |
Jul 10 – Jul 12 |
Aug 16 – Aug 18 |
Sep 13 – Sep 15 |
Summary
This 13.5 hour course is intended for experienced SOAR consultants who will be responsible for complex SOAR solution development, and will prepare the attendee to integrate SOAR with Splunk as well as develop playbooks requiring custom coding and REST API usage.
Potential attendees have received a passing grade in all prerequisite courses, and must ensure they can devote all of their attention to the class, as the course work is very challenging. Students will develop a custom solution with SOAR, Splunk and custom Python code. The labs provide requirements for the solution; the student must plan and execute the development. This will require thoughtful focus, experimentation and problem-solving skills.
Potential attendees have received a passing grade in all prerequisite courses, and must ensure they can devote all of their attention to the class, as the course work is very challenging. Students will develop a custom solution with SOAR, Splunk and custom Python code. The labs provide requirements for the solution; the student must plan and execute the development. This will require thoughtful focus, experimentation and problem-solving skills.
Description
- Using external search in SOAR
- Sending events from Splunk to SOAR
- Updating Splunk events from SOAR
- Running SOAR reports on Splunk
- Executing SOAR playbooks from Splunk
- Searching Splunk from SOAR playbooks
- Writing custom code for use in SOAR playbooks
- Using the SOAR REST API in Phantom playbooks
Objectives
Module 1 – Implementing Splunk and SOAR
- Review of SOAR UI and concepts
- Describe interactions between Splunk and SOAR
- Identify key concepts and data flows
- Pre-requisites for integration
Module 2 – Configuring External Splunk Search
- Describe the benefits of externalizing search to Splunk
- Configure the SOAR instance for externalization
- Configure the Splunk instance for externalization
Module 3 – Sending Splunk Events to SOAR
- Configure the Splunk App for SOAR Export
- Map CIM fields to CEF
- Send Enterprise Security notables to SOAR
- Automatically trigger SOAR playbooks for Splunk notables
Module 4 – Accessing Splunk from SOAR
- Install and configure the SOAR App for Splunk
- Ingest Splunk events into SOAR
- Use Splunk search from playbooks
- Update Splunk notable events
Module 5 – Custom Coding in Playbooks
- SOAR coding best practices
- Writing, using and managing custom functions
- Using the SOAR API in custom code
- Store and retrieve persistent data
Module 6 – Using SOAR REST
- Use Django queries to search for data in SOAR
- Use REST to access SOAR data
- Use the HTTP app to execute REST from playbooks
Prerequisites
Attendees for this class must ensure that they meet all course pre-requisites. This is a challenging, advanced class that draws on technical knowledge from many areas in Splunk and SOAR, and the demanding labs and course schedule leave little time to learn the basics.
To be successful, students should have a solid understanding of the following:
- Experience with Python programming
- Adminstering Splunk SOAR
- Developing Splunk SOAR Playbooks
- Enterprise Splunk Data Administration
- Enterprise Splunk System Administration
- Either Using or Administering Splunk Enterprise Security
Public Training
APAC Singapore - Virtual
-
$ 1500.00 USD -
$ 1500.00 USD
-
$ 1500.00 USD
-
$ 1500.00 USD
EMEA UK Time - Virtual
-
$ 1500.00 USD
-
$ 1500.00 USD
-
$ 1500.00 USD
-
$ 1500.00 USD
-
$ 1500.00 USD
Don't see a date that works for you?
