Investigating Incidents with Splunk SOAR (IISS)

 

Course Overview

This 3 hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.

Course Content

  • SOAR concepts
  • Investigations
  • Running actions and playbooks
  • Case management & workflows

Certifications

This course is part of the following Certifications:

Prerequisites

Basic Security operations knowledge.

Outline: Investigating Incidents with Splunk SOAR (IISS)

Topic 1 – Starting Investigations
  • SOAR investigation concepts
  • ROI view
  • Using the Analyst Queue
  • Using indicators
  • Using search
Topic 2 – Working on Events
  • Use the Investigation page to work on events
  • Use the heads-up display
  • Set event status and other fields
  • Use notes and comments
  • How SLA affects event workflow
  • Using artifacts and files
  • Exporting events
  • Executing actions and playbooks
  • Managing approvals
Topic 3 – Cases: Complex Events
  • Use case management for complex investigations
  • Use case workflows
  • Mark evidence
  • Running reports

Prices & Delivery methods

Online Training

Duration
3 hours

Price
  • US $ 500
  • Splunk Training Units: 50 SPC
Enroll now
Request a date
Classroom Training

Duration
3 hours

Price
  • United States: US $ 500
  • Splunk Training Units: 50 SPC
Enroll now
Request a date

Click on town name or "Online Training" to book Schedule

Instructor-led Online Training:   This is an Instructor-Led Online (ILO) course. These sessions are conducted via WebEx in a VoIP environment and require an Internet Connection and headset with microphone connected to your computer or laptop. If you have any questions about our online courses, feel free to contact us via phone or Email anytime.

United Kingdom

 Online Training Time zone: British Summer Time (BST) Enroll
Online Training Time zone: Greenwich Mean Time (GMT) Enroll