Investigating Incidents with Splunk SOAR
Upcoming Classes
Online
Instructor-led online training
| Location | Feb 2023 | Mar 2023 | Apr 2023 | May 2023 | Jun 2023 | Jul 2023 | Aug 2023 |
|---|---|---|---|---|---|---|---|
| EMEA UK Time - Virtual |
Feb 2 |
Mar 8 |
Apr 5 | ||||
| AMER Eastern Time - Virtual |
Feb 17 |
Mar 10 |
Apr 3 Apr 20 | ||||
| AMER Pacific Time - Virtual |
Feb 21 |
Mar 27 |
Apr 28 | ||||
| APAC Singapore - Virtual |
Mar 20 |
May 5 |
Summary
This 3 hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.
Objectives
Topic 1 – Starting Investigations
- SOAR investigation concepts
- ROI view
- Using the Analyst Queue
- Using indicators
- Using search
Topic 2 – Working on Events
- Using the investigation page to work on events
- Use the heads-up display
- Set event status and other fields
- Use notes and comments
- How SLA affects event workflow
- Using artifacts and files
- Exporting events
- Executing actions and playbooks
- Managing approvals
Topic 3 – Cases: Complex Events
- Use case management for complex investigations
- Use case workflows
- Mark evidence
- Running reports
Public Training
EMEA UK Time - Virtual
-
9:00 AM - 12:00 PM GMT$ 500.00 USD -
9:00 AM - 12:00 PM GMT$ 500.00 USD
-
9:00 AM - 12:00 PM BST$ 500.00 USD
AMER Eastern Time - Virtual
-
9:00 AM - 12:00 PM EST$ 500.00 USD
-
9:00 AM - 12:00 PM EST$ 500.00 USD
-
9:00 AM - 12:00 PM EDT$ 500.00 USD
-
9:00 AM - 12:00 PM EDT$ 500.00 USD
AMER Pacific Time - Virtual
-
9:00 AM - 12:00 PM PST$ 500.00 USD
-
9:00 AM - 12:00 PM PDT$ 500.00 USD
-
9:00 AM - 12:00 PM PDT$ 500.00 USD
APAC Singapore - Virtual
-
9:00 AM - 12:00 PM SGT$ 500.00 USD
-
9:00 AM - 12:00 PM SGT$ 500.00 USD
Don't see a date that works for you?
