Course Overview
This 3 hour course prepares IT professionals to configure and manage SOAR.
Who should attend
IT and security practitioners, developers.
Prerequisites
Investigating Incidents with Splunk
Course Objectives
- SOAR modules and concepts
- Installation
- Initial configuration
- Apps and assets
- User management
- Ingesting data
- Investigations
- Running actions and playbooks
- Case management & workflows
- Multi-tenancy & clustering
Outline: Administering SOAR (ASOAR)
Topic 1 –Initial Configuration
- Describe SOAR operating concepts
- Identify documentation and community resources
- SOAR & Splunk Architecture
- Product settings
- Access control
- Authentication settings
- Response settings
- Understanding roles
- Creating users
- Managing user access
Topic 2 – Apps, Assets and Playbooks
- Add and configure apps and assets
- Manage playbooks
- Ingesting Data
- Labels and tags
- Event settings
Topic 3 – Customization and Monitoring
- Create custom severity levels
- Create custom status levels
- Add custom fields and CEF settings
- Create custom workbooks
- Run reports
- Use SOAR audit tools
- Monitor system health