Developing SOAR Playbooks

This 9 hour introductory course prepares IT and security practitioners to plan, design, create and debug basic playbooks for SOAR. Students will learn fundamentals of SOAR playbook capabilities, creation and testing. This course is a pre-requisite for the Advanced SOAR Implementation course.

Description

Automation best practices
The visual playbook editor
Creating automation and input playbooks
Using actions and decisions
Using action results
Testing and debugging playbooks
User interaction
Output formatting
Complex logic
Interacting with artifacts
Using files in a playbook
Custom lists
Data filtering

Cancellation Policy

Requests for cancellations or rescheduling of live instructor-led training must be received at least 5 business days prior to the start of class for a full refund. You agree to pay the full list price for each registered course (irrespective of the amount paid) for failing to cancel at least five working days prior to the course start date and/or failing to attend the complete course (all days).

Duration

9 Hours

How is this training usually structured?

Online training is typically structured in 3,4, or 4.5 hour long half-day sessions or 6-hour full-day sessions with an hour-long break for lunch.

Objectives

Module 1 – Introduction to Playbooks

Understand automation best practices
Design playbooks
Python support
Use the playbook manager

Module 2 – Visual Playbook Editor

Use the visual playbook editor
Use actions and decisions
Process action results
Test new playbooks

Module 3 – User Interaction and Logic

Interact with users during playbook execution
Format outputs
Use decision blocks

Module 4 – Accessing and Formatting Data

Accessing action results
Accessing artifact and container data
Formatting data

Module 5 – Modular Playbook Development

Creating inpup playbooks
Calling other playbooks
Passing data between playbooks

Module 6 – Custom Lists and Filters

Custom list concepts
Create custom lists
Access lists from playbooks
Use filters

Prerequisites

To be successful, students should have a solid understanding of the following:

Familiarity with Python Programming

One of the Following:

Administering SOAR (preferred)
Using SOAR Video Courses

What happens when I register?

Once you register, we will send you a confirmation email that includes the information you will need to attend this training.

What is the price of this training?

This training is priced at $1000.00 USD per participant.

We accept payments by credit card (VISA, MasterCard, American Express, and Discover Card) or Training Credits. Note that ILT courses must start before the training credit expiration date. If you would like to pay by purchase order, please contact your account team for a quote.

What language is this class taught in?

This class is taught in English.

Where is the training taking place?

This training is taking place in AMER - Eastern Standard Time - Virtual.

Who is providing this training?

This class is being delivered by a Splunk ALP - ClearShark Services, Inc.

Similar courses

Administering Splunk SOAR

This 3 hour course prepares IT professionals to configure and manage SOAR.

More Information

Investigating Incidents with Splunk SOAR

This 3 hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.

More Information

Advanced SOAR Implementation

This 13.5 hour course is intended for experienced SOAR consultants who will be responsible for complex SOAR solution development, and will prepare the attendee to integrate SOAR with Splunk as well as develop playbooks requiring custom coding and REST API usage. Students will develop a custom solution with SOAR, Splunk and custom Python code. The labs provide requirements for the solution; the student must plan and execute the development.

More Information