Administering SOAR (ASOAR)


Course Overview

This 3 hour course prepares IT professionals to configure and manage SOAR.

Who should attend

IT and security practitioners, developers.


This course is part of the following Certifications:


Investigating Incidents with Splunk

Course Objectives

  • SOAR modules and concepts
  • Installation
  • Initial configuration
  • Apps and assets
  • User management
  • Ingesting data
  • Investigations
  • Running actions and playbooks
  • Case management & workflows
  • Multi-tenancy & clustering

Outline: Administering SOAR (ASOAR)

Topic 1 –Initial Configuration

  • Describe SOAR operating concepts
  • Identify documentation and community resources
  • SOAR & Splunk Architecture
  • Product settings
  • Access control
  • Authentication settings
  • Response settings
  • Understanding roles
  • Creating users
  • Managing user access

Topic 2 – Apps, Assets and Playbooks

  • Add and configure apps and assets
  • Manage playbooks
  • Ingesting Data
  • Labels and tags
  • Event settings

Topic 3 – Customization and Monitoring

  • Create custom severity levels
  • Create custom status levels
  • Add custom fields and CEF settings
  • Create custom workbooks
  • Run reports
  • Use SOAR audit tools
  • Monitor system health

Prices & Delivery methods

Online Training

3 hours

  • US$ 500
  • Splunk Training Credits: 50 SPC
Classroom Training

3 hours

  • United States: US$ 500
  • Splunk Training Credits: 50 SPC

Click on town name or "Online Training" to book Schedule

This is an Instructor-Led Classroom course
Instructor-led Online Training:   This is an Instructor-Led Online (ILO) course. These sessions are conducted via WebEx in a VoIP environment and require an Internet Connection and headset with microphone connected to your computer or laptop.
*   This class is delivered by a partner.

United States

Online Training 09:00 US/Eastern * Enroll