Investigating Incidents with Splunk SOAR
Upcoming Classes
Online
Instructor-led online training
Location | May 2022 | Jun 2022 | Jul 2022 | Aug 2022 | Sep 2022 | Oct 2022 | Nov 2022 |
---|---|---|---|---|---|---|---|
APAC Singapore - Virtual |
Jun 6 |
Jul 4 | |||||
AMER Eastern Time - Virtual |
Jun 6 Jun 27 |

Summary
This 3 hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.
Objectives
Topic 1 – Starting Investigations
- SOAR investigation concepts
- ROI view
- Using the Analyst Queue
- Using indicators
- Using search
Topic 2 – Working on Events
- Using the investigation page to work on events
- Use the heads-up display
- Set event status and other fields
- Use notes and comments
- How SLA affects event workflow
- Using artifacts and files
- Exporting events
- Executing actions and playbooks
- Managing approvals
Topic 3 – Cases: Complex Events
- Use case management for complex investigations
- Use case workflows
- Mark evidence
- Running reports