Investigating Incidents with Splunk SOAR (IISS)

 

Course Overview

This 3 hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.

Course Content

  • SOAR concepts
  • Investigations
  • Running actions and playbooks
  • Case management & workflows

Certifications

This course is part of the following Certifications:

Prerequisites

Basic Security operations knowledge.

Outline: Investigating Incidents with Splunk SOAR (IISS)

Topic 1 – Starting Investigations
  • SOAR investigation concepts
  • ROI view
  • Using the Analyst Queue
  • Using indicators
  • Using search
Topic 2 – Working on Events
  • Use the Investigation page to work on events
  • Use the heads-up display
  • Set event status and other fields
  • Use notes and comments
  • How SLA affects event workflow
  • Using artifacts and files
  • Exporting events
  • Executing actions and playbooks
  • Managing approvals
Topic 3 – Cases: Complex Events
  • Use case management for complex investigations
  • Use case workflows
  • Mark evidence
  • Running reports

Prices & Delivery methods

Online Training

Duration
3 hours

Price
  • Online Training: CAD 690
  • Online Training: US $ 500
  • Splunk Training Units: 50 SPC
Dates and Booking
Request a date
Classroom Training

Duration
3 hours

Price
  • Canada: CAD 690
  • Splunk Training Units: 50 SPC
Dates and Booking
Request a date

Click on town name or "Online Training" to book Schedule

Instructor-led Online Training:   This computer icon in the schedule indicates that this date/time will be conducted as Instructor-Led Online Training. If you have any questions about our online courses, feel free to contact us via phone or Email anytime.
*   This class is delivered by a vendor or third party partner.

United States

 Online Training 09:00 Pacific Daylight Time (PDT) * Enroll