Investigating Incidents with Splunk SOAR
Upcoming Classes
Online
Instructor-led online training
| Location | May 2022 | Jun 2022 | Jul 2022 | Aug 2022 | Sep 2022 | Oct 2022 | Nov 2022 |
|---|---|---|---|---|---|---|---|
| APAC Singapore - Virtual |
Jun 6 |
Jul 4 | |||||
| AMER Eastern Time - Virtual |
Jun 6 Jun 27 |
Summary
This 3 hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.
Objectives
Topic 1 – Starting Investigations
- SOAR investigation concepts
- ROI view
- Using the Analyst Queue
- Using indicators
- Using search
Topic 2 – Working on Events
- Using the investigation page to work on events
- Use the heads-up display
- Set event status and other fields
- Use notes and comments
- How SLA affects event workflow
- Using artifacts and files
- Exporting events
- Executing actions and playbooks
- Managing approvals
Topic 3 – Cases: Complex Events
- Use case management for complex investigations
- Use case workflows
- Mark evidence
- Running reports
Public Training
APAC Singapore - Virtual
-
9:00 AM - 12:00 PM SGT$ 500.00 USD -
9:00 AM - 12:00 PM SGT$ 500.00 USD
AMER Eastern Time - Virtual
-
9:00 AM - 12:00 PM EDT$ 500.00 USD
-
9:00 AM - 12:00 PM EDT$ 500.00 USD
Don't see a date that works for you?
