Splunk Training Provider Authorised Learning Partner Australia

Investigating Incidents with Splunk SOAR

Summary

This 3-hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.

Description

  • SOAR concepts

  • Investigations

  • Running actions and playbooks

  • Case management & workflows

Enjoyable presenter and easy to understand for an intermediate Splunk user pursuing Admin certification. Thanks from Massachusetts!

Participant, Splunk Fundamentals 2

Splunk Credit Value: 50

Duration: 3 hours

Time: 11am – 2pm AEST

Objectives

Topic 1 – Starting Investigations

  • SOAR investigation concepts

  • ROI view

  • Using the Analyst Queue

  • Using indicators

  • Using search

Topic 2 – Working on Events

  • Using the investigation page to work on events

  • Use the heads-up display

  • Set event status and other fields

  • Use notes and comments

  • How SLA affects event workflow

  • Using artifacts and files

  • Exporting events

  • Executing actions and playbooks

  • Managing approvals

Topic 3 – Cases: Complex Events

  • Use case management for complex investigations

  • Use case workflows

  • Mark evidence

  • Running reports

Splunk Course Schedules and Timezones

Ingeniq courses are delivered live and in English and provide access to customers spanning multiple timezones.

Dates and times displayed for each course are relative to Australian Eastern Time (AET).

AM Marked Splunk Courses

AM marked courses start at 9:00am AET and finish at 1:30pm AET (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas:

  • UTC+10 including Australia (East Coast)

  • UTC+11/+12 including New Zealand and the Pacific Islands

  • UTC-8 including USA (West Coast), Canada (West Coast)

  • UTC-7 including USA (Mid West)

PM Marked Splunk Courses

PM marked courses start at 12:00pm AEDT and are optimal for customers in the following countries and areas:

  • UTC+10 including Australia (East Coast)

  • UTC+11/+12 including New Zealand and the Pacific Islands

  • UTC-8 including USA (West Coast), Canada (West Coast)

  • UTC-7 including USA (Mid West)

Investigating Incidents with Splunk SOAR - Upcoming Courses