Investigating Incidents with Splunk SOAR (IISS)

 

Course Overview

This 3.5 hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.

Course Content

  • SOAR concepts
  • Investigations
  • Running actions and playbooks
  • Case management & workflows

Prerequisites

Security operations experience.

Outline: Investigating Incidents with Splunk SOAR (IISS)

Topic 1 – Starting Investigations
  • SOAR investigation concepts
  • ROI view
  • Using the Analyst Queue
  • Using indicators
  • Using search
Topic 2 – Working on Events
  • Use the Investigation page to work on events
  • Use the heads-up display
  • Set event status and other fields
  • Use notes and comments
  • How SLA affects event workflow
  • Using artifacts and files
  • Exporting events
  • Executing actions and playbooks
  • Managing approvals
Topic 3 – Cases: Complex Events
  • Use case management for complex investigations
  • Use case workflows
  • Mark evidence
  • Running reports

Prices & Delivery methods

Online Training

Duration
0.5 days

Price
  • Online Training: CAD 635
  • Online Training: US$ 500
  • Splunk Training Credits: 50 SPC
Classroom Training

Duration
0.5 days

Price
  • Canada: CAD 635
  • Splunk Training Credits: 50 SPC

Click on town name or "Online Training" to book Schedule

This is an Instructor-Led Classroom course
Instructor-led Online Training:   This computer icon in the schedule indicates that this date/time will be conducted as Instructor-Led Online Training.
*   This class is delivered by a partner.

United States

Online Training 09:00 US/Pacific 2 days * Enroll
Online Training 09:00 US/Eastern 2 days * Enroll
Online Training 09:00 US/Eastern 2 days * Enroll
Online Training 09:00 US/Eastern 2 days * Enroll
Online Training 09:00 US/Eastern 2 days * Enroll