Splunk Education, Training and Professional Services Provider Investigating Incidents with Splunk SOAR Summary This 3 hour course prepares security practitioners to use SOAR to respond to security incidents, investigate Description SOAR concepts Investigations Running actions and playbooks Case management & workflows Enquiry SOAR investigation concepts ROI view Using the Analyst Queue Using indicators Using search Topic 2 – Working on Events Using the investigation page to work on events Use the heads-up display Set event

Take ownership of incidents, and move through the investigation workflow. Use asset and identity investigator swim lanes to analyse security related events. response actions during incident investigation Create notable events Suppress notable events Module Use investigations to manage incident response activity Use the investigation Workbench to manage, visualize and coordinate incident investigations Add various items to investigations (notes, action history, collaborators

view cluster data Topic 2: Monitoring Kubernetes with Built-in Content Use the Kubernetes Navigator to investigate Use the Cluster Analyzer to pinpoint the root of some problems Use built-in Kubernetes Dashboards to investigate and troubleshoot Use AutoDetect to investigate and troubleshoot Topic 3: Monitor Kubernetes with Custom

Education, Training and Professional Services Provider Users The User Learning path takes you from investigative

Course Prerequisites To be successful, students must have a working understanding of these courses: Investigating Identify and onboard data into SOAR (Phantom) Work with containers, labels, artifacts, and tags Manage investigations

Intelligence - Course Topics ITSI features and User Interface Creating Glass Tables Managing Notable Events Investigating examples of multi – KPI Alerts Describe the notable events workflow Work with notable events Module 4 - Investigating

Participant, Splunk Fundamentals 3 Administering Splunk Enterprise Security - Course Topics Monitoring and Investigation Objectives Module 1 – ES Introduction Overview of ES features and concepts Module 2 – Monitoring and Investigation

Administering Splunk SOAR Investigating Splunk Incidents with SOAR Developing SOAR Playbooks Advanced

help you harness Splunk’s full capabilities, providing expert training and support to maximise your investment certification, your team can unlock the full potential of this platform, enabling faster detection, smarter investigation Transparent Pricing: We offer clear guidance on Splunk observability pricing, ensuring value for every investment From achieving comprehensive visibility to enabling rapid detection and investigation, our services ensure Explore how Ingeniq can help you maximise your Splunk investment and drive measurable success in observability

Troubleshooting Troubleshooting Splunk deployments Collecting data and use diagnostics or monitoring to investigate

Courses Using Splunk Enterprise Security (ES) V8 Learn core ES workflows including correlation searches, investigations

examples of multi – KPI Alerts Describe the notable events workflow Work with notable events Module 4 - Investigating