Advanced SOAR Implementation (ASOARI) – Contents

Detailed course contents

Module 1 – Implementing Splunk and SOAR

  • Review of SOAR UI and concepts
  • Describe interactions between Splunk and SOAR
  • Identify key concepts and data flows
  • Prerequisites for integration

Module 2 – Forwarding Events from SOAR to Splunk

  • Describe the benefits of sending events to Splunk
  • Configure the SOAR instance for forwarding
  • Configure the Splunk instance for forwarding
  • Search for SOAR events and logs on Splunk

Module 3 – Sending Splunk Events to SOAR

  • Configure the Splunk App for SOAR Export
  • Map CIM fields to CEF
  • Send Enterprise Security notables to SOAR
  • Automatically trigger SOAR playbooks for Splunk notables

Module 4 – Accessing Splunk from SOAR

  • Install and configure the SOAR App for Splunk
  • Ingest Splunk events into SOAR
  • Use Splunk search from playbooks
  • Update Splunk notable events

Module 5 – Custom Coding in Playbooks

  • SOAR coding best practices
  • Writing, using and managing custom functions
  • Using the SOAR API in custom code
  • Store and retrieve persistent data

Module 6 – Using SOAR REST

  • Use Django queries to search for data in SOAR
  • Use REST to access SOAR data
  • Use the HTTP app to execute REST from playbooks