Administering Splunk SOAR

This 3-hour course prepares IT professionals to configure and manage SOAR.

Description

  • SOAR concepts
  • Initial configuration
  • Apps and assets
  • Configuring automation
  • User management
  • Ingesting data
  • Customization and monitoring

Duration

3 Hours

Objectives

Topic 1 – Initial Configuration

  • Describe SOAR operating concepts
  • Identify documentation and community resources
  • SOAR & Splunk Architecture
  • Product settings
  • Access control
  • Authentication settings
  • Response settings
  • Understanding roles
  • Creating users
  • Managing user access

Topic 2 – Apps, Assets and Playbooks

  • Add and configure apps and assets
  • Manage playbooks
  • Ingesting data
  • Labels and tags
  • Event settings

Topic 3 – Customization and Monitoring

  • Create custom severity levels
  • Create custom status levels
  • Add custom fields and CEF settings
  • Create custom workbooks
  • Run reports
  • Use SOAR audit tools
  • Monitor system health

Prerequisites

Classes:

  • Investigating Incidents with Splunk SOAR

How is this training usually structured?

Online training is typically structured in 3-, 4-, or 4.5-hour half-day sessions or 6-hour full-day sessions with an hour-long break for lunch.

What happens when I register?

Once you register, we will send you a confirmation email that includes the information you will need to attend this training.

What is the price of this training?

This training is priced at $500.00 USD per participant.

We accept payments by credit card (VISA, MasterCard, American Express, and Discover Card) or Training Credits. Note that ILT courses must start before the training credit expiration date. If you would like to pay by purchase order, please contact your account team for a quote.

What language is this class taught in?

This class is taught in English.

Where is the training taking place?

This training is taking place in AMER - Eastern Standard Time - Virtual.

Who is providing this training?

This class is being delivered by a Splunk ALP - ClearShark Services, Inc.

Cancellation Policy

Requests for cancellations or rescheduling of live instructor-led training must be received at least 5 business days prior to the start of class for a full refund. You agree to pay the full list price for each registered course (irrespective of the amount paid) for failing to cancel at least five working days prior to the course start date and/or failing to attend the complete course (all days).

Similar courses

This 3-hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.


This 9-hour introductory course prepares IT and security practitioners to plan, design, create and debug basic playbooks for SOAR. Students will learn the fundamentals of SOAR playbook capabilities, creation and testing. This course is a prerequisite for the Advanced SOAR Implementation course.


This 13.5-hour course is intended for experienced SOAR consultants who will be responsible for complex SOAR solution development. It prepares the attendee to integrate SOAR with Splunk and to develop playbooks requiring custom coding and REST API usage. Students will develop a custom solution with SOAR, Splunk and custom Python code. The labs provide requirements for the solution; the student must plan and execute the development.
