Investigating Incidents with Splunk SOAR

Upcoming Classes

Online

Instructor-led online training

| Location | Oct 2022 | Nov 2022 | Dec 2022 | Jan 2023 | Feb 2023 | Mar 2023 | Apr 2023 |
|---|---|---|---|---|---|---|---|
| APAC Singapore - Virtual | Oct 6 | Nov 25 | | Jan 2 | | | |
| EMEA UK Time - Virtual | Oct 17 | Nov 28 | | Jan 9 | | | |
| AMER Pacific Time - Virtual | | Nov 1 | Dec 12 | Jan 27 | | | |
| AMER Eastern Time - Virtual | | Nov 21 | Dec 19 | Jan 6, Jan 27 | | | |

Summary

This 3-hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.

Description

  • SOAR concepts
  • Investigations
  • Running actions and playbooks
  • Case management & workflows

Duration

3 hours

Objectives

Topic 1 – Starting Investigations

  • SOAR investigation concepts
  • ROI view
  • Using the Analyst Queue
  • Using indicators
  • Using search

Topic 2 – Working on Events

  • Using the investigation page to work on events
  • Use the heads-up display
  • Set event status and other fields
  • Use notes and comments
  • How SLA affects event workflow
  • Using artifacts and files
  • Exporting events
  • Executing actions and playbooks
  • Managing approvals

Topic 3 – Cases: Complex Events

  • Use case management for complex investigations
  • Use case workflows
  • Mark evidence
  • Running reports

Onsite Training

For groups of three or more

Public Training

APAC Singapore - Virtual

  • Confirmed
    9:00 AM - 12:30 PM SGT
    $ 500.00 USD
  • Confirmed
    9:00 AM - 12:00 PM SGT
    $ 500.00 USD
  • Confirmed
    9:00 AM - 12:00 PM SGT
    $ 500.00 USD

EMEA UK Time - Virtual

  • Confirmed
    9:00 AM - 12:00 PM BST
    $ 500.00 USD
  • Confirmed
    9:00 AM - 12:00 PM GMT
    $ 500.00 USD
  • Confirmed
    9:00 AM - 12:00 PM GMT
    $ 500.00 USD

AMER Pacific Time - Virtual

  • Confirmed
    9:00 AM - 12:00 PM PDT
    $ 500.00 USD
  • Confirmed
    9:00 AM - 12:00 PM PST
    $ 500.00 USD
  • Confirmed
    9:00 AM - 12:00 PM PST
    $ 500.00 USD

AMER Eastern Time - Virtual

  • Confirmed
    9:00 AM - 12:00 PM EST
    $ 500.00 USD
  • Confirmed
    9:00 AM - 12:00 PM EST
    $ 500.00 USD
  • Confirmed
    9:00 AM - 12:00 PM EST
    $ 500.00 USD
  • Confirmed
    9:00 AM - 12:00 PM EST
    $ 500.00 USD