SPLK-IISS - Investigating Incidents with Splunk SOAR

This 3 hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.

Code: splk-iiss

Duration: 3.0 days

Enquire Now

Start learning today!

Click Hereto customize your Training

Objectives

  • SOAR concepts
  • Investigations
  • Running actions and playbooks
  • Case management & workflows

Content

Topic 1 – Starting Investigations

  • SOAR investigation concepts
  • ROI view
  • Using the Analyst Queue
  • Using indicators
  • Using search

Topic 2 – Working on Events

  • Using the investigation page to work on events
  • Use the heads-up display
  • Set event status and other fields
  • Use notes and comments
  • How SLA affects event workflow
  • Using artifacts and files
  • Exporting events
  • Executing actions and playbooks
  • Managing approvals

Topic 3 – Cases: Complex Events

  • Use case management for complex investigations
  • Use case workflows
  • Mark evidence
  • Running reports

Audience

Prerequisites

N/A

Certification

product-certification

Course Benefits

product-benefits
  • Career growth
  • Broad Career opportunities
  • Worldwide recognition from leaders
  • Up-to Date technical skills
  • Popular Certification Badges

Splunk Popular Courses

splk-sefs

This "Fast Start" course covers over 60 commands and functions and prepares students to be search experts.

splk-iiss

This course prepares security practitioners to use SOAR to respond to security incidents.

splk-dyd

This course focuses on creating inputs, chain searches, event annotations, and improving dashboard performance.

splk-introdyd

This course focuses on dashboard creation, including prototyping, the dashboard definition, layouts types, adding visualizations, and dynamic coloring.


Enquire Now
 
 
 
 
piOfcG
By clicking "Submit", I agree to the Terms Of Use and Privacy Policy