We are happy to advise you!
1­-855­-778­-7246    Contact

Administering SOAR (ASOAR)

 

Course Content

  • SOAR modules and concepts
  • Installation
  • Initial configuration
  • Apps and assets
  • User management
  • Ingesting data
  • Investigations
  • Running actions and playbooks
  • Case management & workflows
  • Multi-tenancy & clustering

Who should attend

IT and security practitioners, developers.

Prerequisites

None

Course Objectives

This 9-hour course prepares IT and security practitioners to install, configure, and use SOAR in their environment and will prepare developers to attend the playbook development course.

Outline: Administering SOAR (ASOAR)

Module 1 – Introduction, Deployment and Installation

  • Describe SOAR operating concepts
  • Identify documentation and community resources
  • Identify installation and upgrade options
  • SOAR & Splunk Architecture
  • Splunk/SOAR relationships

Module 2 – Initial Configuration

  • Product settings
  • Access control
  • Authentication settings
  • Response settings
  • Understanding roles
  • Creating users
  • Managing user access

Module 3 – Apps, Assets and Playbooks

  • Describe how apps and assets work in SOAR
  • Add and configure new apps
  • Configure assets
  • Manage playbooks
  • Module 4 –Ingesting Data
  • Assets as data sources
  • Configuring data polling
  • Labels and tags
  • Data ingestion management
  • Event settings

Module 4 – Ingesting Data

  • Assets as data sources
  • Configuring data polling
  • Labels and tags
  • Data ingestion management
  • Event settings

Module 5 – Analyst Queue

  • Work with the analyst queue
  • Filtering and sorting
  • Using search
  • Container export and import
  • Aggregation settings

Module 6 – Investigations

  • Use the Investigation page to work on events
  • Use indicators to find matching artifacts in multiple events
  • Using the heads-up display
  • Using notes

Module 7 – Actions, Playbooks and Files

  • Manually run actions and examine action results
  • Manually run playbooks
  • Store related files in events

Module 8 – Case Management and Workbooks

  • Use case management for complex investigations
  • Use case workflows
  • Define new workbooks
  • Customize case management

Module 9 – Customization

  • Create custom severity levels
  • Create custom status levels
  • Add custom fields and CEF settings
  • Create custom workbooks

Module 10 – Additional Topics

  • Run reports
  • Use SOAR audit tools
  • Monitor system health
  • Define clustering best practices
  • Configure multi-server SOAR clusters
  • Configure multi-tenancy
  • Backup/restore
Online Training

Duration 9 hours

Price
  • CAD 1,270
Classroom Training

Duration 9 hours

Price
  • Canada: CAD 1,270
 
Schedule

Currently there are no training dates scheduled for this course.