Investigating Incidents with Splunk SOAR
Upcoming Classes
Online
Instructor-led online training
Location | Feb 2023 | Mar 2023 | Apr 2023 | May 2023 | Jun 2023 | Jul 2023 | Aug 2023 |
---|---|---|---|---|---|---|---|
EMEA UK Time - Virtual | Feb 2 | Mar 8 | Apr 5 | | | | |
AMER Eastern Time - Virtual | Feb 17 | Mar 10 | Apr 3, Apr 20 | | | | |
AMER Pacific Time - Virtual | Feb 21 | Mar 27 | Apr 28 | | | | |
APAC Singapore - Virtual | | Mar 20 | | May 5 | | | |

Summary
This 3-hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.
Objectives
Topic 1 – Starting Investigations
- SOAR investigation concepts
- ROI view
- Using the Analyst Queue
- Using indicators
- Using search
Topic 2 – Working on Events
- Using the investigation page to work on events
- Use the heads-up display
- Set event status and other fields
- Use notes and comments
- How SLA affects event workflow
- Using artifacts and files
- Exporting events
- Executing actions and playbooks
- Managing approvals
Topic 3 – Cases: Complex Events
- Use case management for complex investigations
- Use case workflows
- Mark evidence
- Running reports