We are happy to advise you!
1­-855­-778­-7246    Contact

Administering SOAR (ASOAR)

 

Course Content

  • SOAR modules and concepts
  • Installation
  • Initial configuration
  • Apps and assets
  • User management
  • Ingesting data
  • Investigations
  • Running actions and playbooks
  • Case management & workflows
  • Multi-tenancy & clustering

Who should attend

IT and security practitioners, developers.

Certifications

This course is part of the following Certifications:

Prerequisites

None

Course Objectives

This 9-hour course prepares IT and security practitioners to install, configure, and use SOAR in their environment and will prepare developers to attend the playbook development course.

Outline: Administering SOAR (ASOAR)

Module 1 – Introduction, Deployment and Installation

  • Describe SOAR operating concepts
  • Identify documentation and community resources
  • Identify installation and upgrade options
  • SOAR & Splunk Architecture
  • Splunk/SOAR relationships

Module 2 – Initial Configuration

  • Product settings
  • Access control
  • Authentication settings
  • Response settings
  • Understanding roles
  • Creating users
  • Managing user access

Module 3 – Apps, Assets and Playbooks

  • Describe how apps and assets work in SOAR
  • Add and configure new apps
  • Configure assets
  • Manage playbooks
  • Module 4 –Ingesting Data
  • Assets as data sources
  • Configuring data polling
  • Labels and tags
  • Data ingestion management
  • Event settings

Module 4 – Ingesting Data

  • Assets as data sources
  • Configuring data polling
  • Labels and tags
  • Data ingestion management
  • Event settings

Module 5 – Analyst Queue

  • Work with the analyst queue
  • Filtering and sorting
  • Using search
  • Container export and import
  • Aggregation settings

Module 6 – Investigations

  • Use the Investigation page to work on events
  • Use indicators to find matching artifacts in multiple events
  • Using the heads-up display
  • Using notes

Module 7 – Actions, Playbooks and Files

  • Manually run actions and examine action results
  • Manually run playbooks
  • Store related files in events

Module 8 – Case Management and Workbooks

  • Use case management for complex investigations
  • Use case workflows
  • Define new workbooks
  • Customize case management

Module 9 – Customization

  • Create custom severity levels
  • Create custom status levels
  • Add custom fields and CEF settings
  • Create custom workbooks

Module 10 – Additional Topics

  • Run reports
  • Use SOAR audit tools
  • Monitor system health
  • Define clustering best practices
  • Configure multi-server SOAR clusters
  • Configure multi-tenancy
  • Backup/restore
Online Training

Duration 9 hours

Price
  • US$ 1,000
Classroom Training

Duration 9 hours

Price
  • United States: US$ 1,000
 
Click on town name or "Online Training" to book Schedule
This is an Instructor-Led Classroom course
Instructor-led Online Training:   This is an Instructor-Led Online (ILO) course. These sessions are conducted via WebEx in a VoIP environment and require an Internet Connection and headset with microphone connected to your computer or laptop.
United States

Currently there are no training dates scheduled for this course.  You can schedule a private, onsite training session or request a public date by emailing info@fastlaneus.com.