Investigating Incidents with Splunk SOAR

This 3 hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.

Description

  • SOAR concepts
  • Investigations
  • Running actions and playbooks
  • Case management & workflows

Objectives

Topic 1 – Starting Investigations

  • SOAR investigation concepts
  • ROI view
  • Using the Analyst Queue
  • Using indicators
  • Using search

 Topic 2 – Working on Events

  • Using the investigation page to work on events
  • Use the heads-up display
  • Set event status and other fields
  • Use notes and comments
  • How SLA affects event workflow
  • Using artifacts and files
  • Exporting events
  • Executing actions and playbooks
  • Managing approvals

Topic 3 – Cases: Complex Events

  • Use case management for complex investigations
  • Use case workflows
  • Mark evidence
  • Running reports

What is the price of this training?

This training is priced at $ 500.00 USD per participant.

We accept payments by credit card (VISA, MasterCard, American Express, and Discover Card) or Training Credits. Note that ILT courses must start before the training credit expiration date. If you would like to pay by purchase order, please contact your account team for a quote.

Who is providing this training?

This class is being delivered by a Splunk ALP - ClearShark Services, Inc.

Cancellation Policy

Requests for cancellations or rescheduling of live instructor-led training must be received at least 5 business days prior to the start of class for a full refund. You agree to pay the full list price for each registered course (irrespective of the amount paid) for failing to cancel at least five working days prior to the course start date and/or failing to attend the complete course (all days).

Duration

3 hours

What happens when I register?

Once you register, we will send you a confirmation email that includes the information you will need to attend this training.

How is this training usually structured?

Online training is typically structured in 3,4, or 4.5 hour long half-day sessions or 6-hour full-day sessions with an hour-long break for lunch.

What language is this class taught in?

This class is taught in English.

Where is the training taking place?

This training is taking place in AMER Eastern Time - Virtual.