Splunk by Cisco
Splunk SOAR Certified Automation Developer
Investigating Incidents with Splunk SOAR (SP-IISSOAR)
About the course

This 3.5 hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.

Prerequisite Knowledge

Security operations experience

Course Topics

▪ SOAR concepts

▪ Investigations

▪ Running actions and playbooks

▪ Case management & workflows

Course content

Topic 1 – Starting Investigations

▪ SOAR investigation concepts

▪ ROI view

▪ Using the Analyst Queue

▪ Using indicators

▪ Using search
Topic 2 – Working on Events

▪ Use the Investigation page to work on events

▪ Use the heads-up display

▪ Set event status and other fields

▪ Use notes and comments

▪ How SLA affects event workflow

▪ Using artifacts and files

▪ Exporting events

▪ Executing actions and playbooks

▪ Managing approvals
Topic 3 – Cases: Complex Events

▪ Use case management for complex investigations

▪ Use case workflows

▪ Mark evidence

▪ Running reports