Investigating Incidents with Splunk SOAR (IISS)

 

Course Overview

This 3-hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.

Course Content

  • SOAR concepts
  • Investigations
  • Running actions and playbooks
  • Case management & workflows

Certifications

This course is part of the following Certifications:

Prerequisites

Basic security operations knowledge.

Outline: Investigating Incidents with Splunk SOAR (IISS)

Topic 1 – Starting Investigations
  • SOAR investigation concepts
  • ROI view
  • Using the Analyst Queue
  • Using indicators
  • Using search
Topic 2 – Working on Events
  • Use the Investigation page to work on events
  • Use the heads-up display
  • Set event status and other fields
  • Use notes and comments
  • How SLA affects event workflow
  • Using artifacts and files
  • Exporting events
  • Executing actions and playbooks
  • Managing approvals
Topic 3 – Cases: Complex Events
  • Use case management for complex investigations
  • Use case workflows
  • Mark evidence
  • Running reports

Prices & Delivery methods

Online Training

Duration
3 hours

Price
  • US$ 500
  • Splunk Training Units: 50 SPC
Classroom Training

Duration
3 hours

Price
  • United States: US$ 500
  • Splunk Training Units: 50 SPC


Instructor-led Online Training: This is an Instructor-Led Online (ILO) course. These sessions are conducted via WebEx in a VoIP environment and require an Internet connection and a headset with microphone connected to your computer or laptop.
* This class is delivered by a vendor or third-party partner.

United States

Online Training 09:00 US/Pacific * Enroll
Online Training 09:00 US/Pacific * Enroll
Online Training 09:00 US/Eastern * Enroll