Administering Splunk SOAR

• SOAR concepts
• Initial configuration
• Apps and assets
• Configuring automation
• User management
• Ingesting Data
• Customization and monitoring

3 Hours

Topic 1 –Initial Configuration

• Describe SOAR operating concepts
• Identify documentation and community resources
• SOAR & Splunk Architecture
• Product settings
• Access control
• Authentication settings
  
• Response settings
• Understanding roles
• Creating users
  
• Managing user access

 Topic 2 – Apps, Assets and Playbooks

• Add and configure apps and assets
  
• Manage playbooks
• Ingesting Data
• Labels and tags
• Event settings

 Topic 3 – Customization and Monitoring

• Create custom severity levels
• Create custom status levels
• Add custom fields and CEF settings
• Create custom workbooks
• Run reports
• Use SOAR audit tools
• Monitor system health

Classes:

• Investigating Incidents with Splunk SOAR

Online training is typically structured in 3,4, or 4.5 hour long half-day sessions or 6-hour full-day sessions with an hour-long break for lunch.

Once you register, we will send you a confirmation email that includes the information you will need to attend this training.

This training is priced at $500.00 USD per participant.

This class is taught in English.

This training is taking place in AMER - Eastern Standard Time - Virtual.

This class is being delivered by a Splunk ALP - ClearShark Services, Inc.

Requests for cancellations or rescheduling of live instructor-led training must be received at least 5 business days prior to the start of class for a full refund. You agree to pay the full list price for each registered course (irrespective of the amount paid) for failing to cancel at least five working days prior to the course start date and/or failing to attend the complete course (all days).