top of page

Administering Splunk SOAR

Splunk Training Provider Authorised Learning Partner Australia

The Administering SOAR (previously called Phantom) course prepares IT and security practitioners to install, configure and use a SOAR (Phantom) server in their environment and will prepare developers to attend the playbook development course.

​

This 3.5 hour course prepares IT professionals to configure and manage SOAR

​

Splunk Credit Value : 50

Duration : 3.5 hours over 1 day

Time : 11:00 am - 2:30 pm AEST

​

*Course discounts apply for Splunk Partners. Please use the currency convertor above to check for course pricing in your local currency.

Administering Phantom
BOOK NOW.png
CONTACT US (3).png

Enquiry Form

Let us know what you're after

Thanks for submitting!

The instructor very knowledgeable and was able to provide useful examples during the course..

Participant, Splunk Enterprise System Administration

Administering Phantom

Administering SOAR - Course Topics

  • SOAR concepts

  • Initial configuration

  • Apps and assets

  • Configuring automation

  • User management

  • Ingesting data

  • Customization and monitoring

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site

Course Prerequisites

  • Investigating Incidents with Splunk SOAR

Related Certifications

None

Administering SOAR - Audience

Anyone whose role includes deploying, or maintaining and configuring Splunk SOAR (Phantom). SOC Engineer, Security Architects, Threat Hunters & Responders.

After completing Administering SOAR course you will be able to

  • Install and configure SOAR (Phantom)

  • Configure apps, assets, access control and manage playbooks

  • Identify and onboard data into SOAR (Phantom)

  • Work with containers, labels, artifacts, and tags

  • Manage investigations with actions and playbooks

  • Use workbooks and case management

Administering Phantom

Module 1 – Initial Configuration

  • Describe SOAR operating concepts

  • Identify documentation and community resources

  • SOAR & Splunk Architecture

  • Product settings

  • Access control

  • Authentication settings

  • Response settings

  • Understanding roles

  • Creating users

  • Managing user access

Module 2 – Apps, Assets and Playbooks

  • Add and configure apps and assets

  • Manage playbooks

  • Ingesting Data

  • Labels and tags

  • Event settings

Module 3 – Customisation and Monitoring

  • Create custom severity levels

  • Create custom status levels

  • Add custom fields and CEF settings

  • Create custom workbooks

  • Run reports

  • Use SOAR audit tools

  • Monitor system health

​

Administering SOAR - Course Objectives

Splunk Course Schedules and Timezones

Ingeniq Course are delivered live and in English and provide access to customers spanning multiple timezones.

​

Dates and times displayed for each course are relative to Australian Eastern Time (AET).

​

​

AM Marked Splunk Courses

AM marked courses start at AET 9:00am and finish at AET 1:30pm and are optimal for customers in the following countries and areas;

​

  • UTC+10 including Australia (East Coast)

  • UCT+11/+12 including New Zealand and the Pacific Islands

  • UTC-8 including USA (West Coast), Canada (West Coast)

  • UTC-7 including USA (Mid West)

PM Marked Splunk Courses

PM marked courses usually starts at AEDT 12:00pm or AEST 11:00 am and are optimal for customers in the following countries and areas;

​

  • UTC+10 including Australia (East Coast)

  • UCT+11/+12 including New Zealand and the Pacific Islands

  • UTC-8 including USA (West Coast), Canada (West Coast)

  • UTC-7 including USA (Mid West)

Administering SOAR (Phantom) - Upcoming Courses
bottom of page