Investigating Incidents with Splunk SOAR
Summary
This 3 hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.
Description
-
SOAR concepts
-
Investigations
-
Running actions and playbooks
-
Case management & workflows
.png)
Splunk Credit Value: 50
Duration: 3 hours
Time: 11am – 2pm AEST
Objectives
Topic 1 – Starting Investigations
-
SOAR investigation concepts
-
ROI view
-
Using the Analyst Queue
-
Using indicators
-
Using search
Topic 2 – Working on Events
-
Using the investigation page to work on events
-
Use the heads-up display
-
Set event status and other fields
-
Use notes and comments
-
How SLA affects event workflow
-
Using artifacts and files
-
Exporting events
-
Executing actions and playbooks
-
Managing approvals
Topic 3 – Cases: Complex Events
-
Use case management for complex investigations
-
Use case workflows
-
Mark evidence
-
Running reports
Pre-requisites
-
Basic security operations knowledge
Splunk Course Schedules and Timezones
Ingeniq Course are delivered live and in English and provide access to customers spanning multiple timezones.
Dates and times displayed for each course are relative to Australian Eastern Time (AET).
AM Marked Splunk Courses
AM marked courses start at AET 9:00am and finish at AET 1:30pm (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas;
-
UTC+10 including Australia (East Coast)
-
UCT+11/+12 including New Zealand and the Pacific Islands
-
UTC-8 including USA (West Coast), Canada (West Coast)
-
UTC-7 including USA (Mid West)
PM Marked Splunk Courses
PM marked courses start at AEDT 12:00pm and are optimal for customers in the following countries and areas;
-
UTC+10 including Australia (East Coast)
-
UCT+11/+12 including New Zealand and the Pacific Islands
-
UTC-8 including USA (West Coast), Canada (West Coast)
-
UTC-7 including USA (Mid West)