Who should attend
Experienced SOAR consultants responsible for complex SOAR solution development.
Certifications
This course is part of the following Certifications:
Prerequisites
Attendees for this module must ensure that they meet all module prerequisites. This is a challenging, advanced module that draws on technical knowledge from many areas in Splunk and SOAR, and the demanding labs and schedule leave little time to learn the basics.
To be successful, students should have a solid understanding of the following:
- Experience with Python programming
- Administering Splunk SOAR
- Developing Splunk SOAR Playbooks
- Enterprise Splunk Data Administration
- Enterprise Splunk System Administration
- Either Using or Administering Splunk Enterprise Security
Course Objectives
- Using external Splunk search in SOAR
- Sending events from Splunk to SOAR
- Updating Splunk events from SOAR
- Running SOAR reports on Splunk
- Executing SOAR playbooks from Splunk
- Searching Splunk from SOAR playbooks
- Writing custom code for use in SOAR Playbooks
- Using the SOAR REST API in SOAR Playbooks
Course Content
This 13.5-hour module is intended for experienced SOAR consultants who are responsible for complex SOAR solution development, and will prepare the attendee to integrate SOAR with Splunk as well as develop playbooks requiring custom coding and REST API usage.
Potential attendees have received a passing grade in all prerequisite modules and must ensure they can devote all of their attention to the class, as the work is very challenging. Students will develop a custom solution with SOAR, Splunk, and custom Python code. The labs provide requirements for the solution; the student must plan and execute the development. This will require thoughtful focus, experimentation, and problem-solving skills.
Please note that this class may run across three days, with 4.5 hours each day.
Polish
Angielski
Polska