top of page
Splunk Training Provider Authorised Learning Partner Australia

Developing SOAR Playbooks

The Developing SOAR (Phantom) Playbooks is an introductory course that prepares IT and security practitioners to plan, design, create and debug basic playbooks for Phantom.

 

Students will learn fundamentals of SOAR (Phantom) playbook capabilities, creation and testing. This course is a pre-requisite for the Advanced Phantom Implementation course.

 

Splunk Credit Value : 100

Duration : 4.5 hours over 2 days

Time : 11:00 am - 2:30 pm AEST

​

*Course discounts apply for Splunk Partners. Please use the currency convertor above to check for course pricing in your local currency.

Developing SOAR (Phantom) Playbooks
BOOK NOW.png
CONTACT US (3).png

Enquiry Form

Let us know what you're after

Thanks for submitting!

Extremely proficient at controlling the pace of training. Great explanation of answers & not just reading the content. Very knowledgeable about all content. Looking forward to completing the rest of the of the class.

Highly recommended.

Participant, Splunk Enterprise Data Administration

Developing SOAR (Phantom) Playbooks

Developing SOAR (Phantom) Playbooks - Course Topics

  • Automation best practices

  • The visual playbook editor

  • Using actions and decisions

  • Using action results

  • Testing and debugging playbooks

  • User interaction

  • Output formatting

  • Complex logic

  • Interacting with artifacts

  • Using the vault in a playbook

  • Custom lists

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site

Course Prerequisites

Familiarity with Python programming

One of the following:

  • Administering Phantom (preferred)

  • Using Phantom Video Courses

Related Certifications

None

Developing SOAR (Phantom) Playbooks - Audience

SOC Engineers, Security Architects, Threat Hunters & Responders, and Analysts who respond to security indicents using Phantom automation.

After completing Developing SOAR (Phantom) Playbooks course you will be able to

  • Use the visual playbook editor to create and modify automation flows

  • Trigger user interactions, filtering and logic

Developing SOAR (Phantom) Playbooks

Developing SOAR (Phantom) Playbooks - Course Objectives

Module 1 – Introduction to Playbooks

  • Understand automation best practices

  • Design playbooks

  • Python support

  • Use the playbook manager

Module 2 – Visual Playbook Editor

  • Use the visual playbook editor

  • Use actions and decisions

  • Process action results

  • Test new playbooks

Module 3 – User Interaction and Logic

  • Interact with users during playbook execution

  • Format outputs

  • Use decision blocks

​

Module 4 – Accessing and Formatting Data

  • Accessing action results

  • Accessing artifact and container data

  • Formatting data

Module 5 – Modular Playbook Development

  • Calling other playbooks

  • Creating artifacts

  • Sending email

  • Passing data between playbooks

Module 6 – Custom Lists and Filters

  • Custom list concepts

  • Create custom lists

  • Access lists from playbooks

  • Use filters

Developing SOAR (Phantom) Playbooks - Upcoming Courses

We don’t have any products to show here right now.

bottom of page