We are happy to advise you!
1­-855­-778­-7246    Contact

Administering SOAR (ASOAR)

 

Course Content

  • SOAR modules and concepts
  • Installation
  • Initial configuration
  • Apps and assets
  • User management
  • Ingesting data
  • Investigations
  • Running actions and playbooks
  • Case management & workflows
  • Multi-tenancy & clustering

Who should attend

IT and security practitioners, developers.

Prerequisites

None

Course Objectives

This 9-hour module prepares IT and security practitioners to install, configure, and use SOAR in their environment and will prepare developers to attend the playbook development module.

Outline: Administering SOAR (ASOAR)

Topic 1 – Introduction, Deployment and Installation

  • Describe SOAR operating concepts
  • Identify documentation and community resources
  • Identify installation and upgrade options
  • SOAR & Splunk Architecture
  • Splunk/SOAR relationships

Topic 2 – Initial Configuration

  • Product settings
  • Access control
  • Authentication settings
  • Response settings
  • Understanding roles
  • Creating users
  • Managing user access

Topic 3 – Apps, Assets and Playbooks

  • Describe how apps and assets work in SOAR
  • Add and configure new apps
  • Configure assets
  • Manage playbooks
  • Module 4 –Ingesting Data
  • Assets as data sources
  • Configuring data polling
  • Labels and tags
  • Data ingestion management
  • Event settings

Topic 4 – Ingesting Data

  • Assets as data sources
  • Configuring data polling
  • Labels and tags
  • Data ingestion management
  • Event settings

Topic 5 – Analyst Queue

  • Work with the analyst queue
  • Filtering and sorting
  • Using search
  • Container export and import
  • Aggregation settings

Topic 6 – Investigations

  • Use the Investigation page to work on events
  • Use indicators to find matching artifacts in multiple events
  • Using the heads-up display
  • Using notes

Topic 7 – Actions, Playbooks and Files

  • Manually run actions and examine action results
  • Manually run playbooks
  • Store related files in events

Topic 8 – Case Management and Workbooks

  • Use case management for complex investigations
  • Use case workflows
  • Define new workbooks
  • Customize case management

Topic 9 – Customization

  • Create custom severity levels
  • Create custom status levels
  • Add custom fields and CEF settings
  • Create custom workbooks

Topic 10 – Additional Topics

  • Run reports
  • Use SOAR audit tools
  • Monitor system health
  • Define clustering best practices
  • Configure multi-server SOAR clusters
  • Configure multi-tenancy
  • Backup/restore
Online Training

Duration 9 hours

Price
  • US$ 1,000
Classroom Training

Duration 9 hours

Price
  • United States: US$ 1,000
 
Click on town name or "Online Training" to book Schedule
This is an Instructor-Led Classroom course
Instructor-led Online Training:   This is an Instructor-Led Online (ILO) course. These sessions are conducted via WebEx in a VoIP environment and require an Internet Connection and headset with microphone connected to your computer or laptop.
  *   This class is delivered by a partner.
United States
Online Training 09:00 US/Eastern * Enroll
Canada
Online Training 09:00 Canada/Eastern * Enroll
 
X Contact Contact