HemSök efter kurserInvestigating Incidents with Splunk SOAR

Investigating Incidents with Splunk SOAR

This 3 hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.



5075 kr

  • SOAR concepts
  • Investigations
  • Running actions and playbooks
  • Case management and workflows

Topic 1 - Starting Investigations

  • SOAR investigation concepts
  • ROI view
  • Using the Analyst Queue
  • Using indicators
  • Using search

Topic 2 - Working on Events

  • Using the investigation page to work on events
  • Use the heads-up display
  • Set event status and other fields
  • Use notes and comments
  • How SLA affects event workflow
  • Using artifacts and files
  • Exporting events
  • Executing actions and playbooks
  • Managing approvals
  • Topic 3 - Cases: Complex Events

    • Use case management for complex investigations
    • Use case workflows
    • Mark evidence
    • Running reports
    • Utbildningen levereras i samarbete med: Arrow