
Investigating Incidents with Splunk SOAR

This 3.5-hour course prepares security practitioners to use SOAR to respond to security incidents, investigate vulnerabilities, and take action to mitigate and prevent security problems.


Participation format

Remote


Duration

3 hours


Price

500 €

Splunk classes are designed for specific roles such as Splunk Administrator, Developer, User, Knowledge Manager, or Architect.

Topic 1 - Starting Investigations

  • SOAR investigation concepts
  • ROI view
  • Using the Analyst Queue
  • Using indicators
  • Using search


Topic 2 - Working on Events

  • Use the Investigation page to work on events
  • Use the heads-up display
  • Set event status and other fields
  • Use notes and comments
  • How SLA affects event workflow
  • Using artifacts and files
  • Exporting events
  • Executing actions and playbooks
  • Managing approvals


Topic 3 - Cases: Complex Events

  • Use case management for complex investigations
  • Use case workflows
  • Mark evidence
  • Running reports

Security operations experience.

  • SOAR concepts
  • Investigations
  • Running actions and playbooks
  • Case management and workflows

Price 500 € + VAT

We reserve the right to make changes to the program, trainers, and delivery format.

In partnership with: Arrow