Investigating Incidents with Splunk SOAR (IISS)

 

Course Overview

This 3 hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.

Course Content

  • SOAR concepts
  • Investigations
  • Running actions and playbooks
  • Case management & workflows

Certifications

This course is part of the following Certifications:

Prerequisites

Basic Security operations knowledge.

Outline: Investigating Incidents with Splunk SOAR (IISS)

Topic 1 – Starting Investigations
  • SOAR investigation concepts
  • ROI view
  • Using the Analyst Queue
  • Using indicators
  • Using search
Topic 2 – Working on Events
  • Use the Investigation page to work on events
  • Use the heads-up display
  • Set event status and other fields
  • Use notes and comments
  • How SLA affects event workflow
  • Using artifacts and files
  • Exporting events
  • Executing actions and playbooks
  • Managing approvals
Topic 3 – Cases: Complex Events
  • Use case management for complex investigations
  • Use case workflows
  • Mark evidence
  • Running reports

Prices & Delivery methods

Online Training

Duration
3 hours

Price
  • US $ 500
  • Splunk Training Units: 50 SPC
Enroll now
Request a date
Classroom Training

Duration
3 hours

Price
  • United States: US $ 500
  • Splunk Training Units: 50 SPC
Enroll now
Request a date

Schedule

Currently there are no training dates scheduled for this course.