Home > Vendors > splunk > splk-iiss

SPLK-IISS - Investigating Incidents with Splunk SOAR

This 3 hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.

Code: splk-iiss

Duration: 3.0 days

Enquire Now

Start learning today!

Click Hereto customize your Training

Objectives

SOAR concepts
Investigations
Running actions and playbooks
Case management & workflows

Content

Topic 1 – Starting Investigations

SOAR investigation concepts
ROI view
Using the Analyst Queue
Using indicators
Using search

Topic 2 – Working on Events

Using the investigation page to work on events
Use the heads-up display
Set event status and other fields
Use notes and comments
How SLA affects event workflow
Using artifacts and files
Exporting events
Executing actions and playbooks
Managing approvals

Topic 3 – Cases: Complex Events

Use case management for complex investigations
Use case workflows
Mark evidence
Running reports

Audience

Prerequisites

N/A

Certification

Course Benefits

Career growth
Broad Career opportunities
Worldwide recognition from leaders
Up-to Date technical skills
Popular Certification Badges

Splunk Popular Courses

splk-dyd

This course focuses on creating inputs, chain searches, event annotations, and improving dashboard performance.

splk-introdyd

This course focuses on dashboard creation, including prototyping, the dashboard definition, layouts types, adding visualizations, and dynamic coloring.

splk-lls

This course will focus on lookup commands and explore how to use subsearches to correlate and filter data from multiple sources

splk-wtime

This course will focus on searching and formatting time in addition to using time commands and working with time zones.

Subtotal