Investigating Incidents with Splunk SOAR
Summary

This 3-hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.

Description

- SOAR concepts
- Investigations
- Running actions and playbooks
- Case management & workflows

Splunk Credit Value: 50
Duration: 3 hours
Time: 11am – 2pm AEST

Objectives

Topic 1 – Starting Investigations

- SOAR investigation concepts
- ROI view
- Using the Analyst Queue
- Using indicators
- Using search

Topic 2 – Working on Events

- Using the investigation page to work on events
- Using the heads-up display
- Setting event status and other fields
- Using notes and comments
- How SLA affects event workflow
- Using artifacts and files
- Exporting events
- Executing actions and playbooks
- Managing approvals

Topic 3 – Cases: Complex Events

- Using case management for complex investigations
- Using case workflows
- Marking evidence
- Running reports

Splunk Course Schedules and Timezones

Ingeniq courses are delivered live and in English, and are available to customers across multiple timezones.

Dates and times displayed for each course are relative to Australian Eastern Time (AET).

AM Marked Splunk Courses

AM marked courses start at AET 9:00am and finish at AET 1:30pm (4.5-hour sessions over 1 or more days) and are optimal for customers in the following countries and areas:

- UTC+10 including Australia (East Coast)
- UTC+11/+12 including New Zealand and the Pacific Islands
- UTC-8 including USA (West Coast), Canada (West Coast)
- UTC-7 including USA (Mid West)

PM Marked Splunk Courses

PM marked courses start at AEDT 12:00pm and are optimal for customers in the following countries and areas:

- UTC+10 including Australia (East Coast)
- UTC+11/+12 including New Zealand and the Pacific Islands
- UTC-8 including USA (West Coast), Canada (West Coast)
- UTC-7 including USA (Mid West)