Security orchestration, automation and response for the modern SOC.

Splunk SOAR combines security infrastructure orchestration, playbook automation, case management capabilities and integrated threat intelligence to streamline your team, processes and tools. Gain the expertise required to orchestrate security infrastructure using Splunk SOAR apps, automate security actions using Splunk SOAR playbooks, and collaborate on and respond to security incidents fast.

Overview

This 9-hour course prepares IT and security practitioners to install, configure and use Phantom in their environment, and prepares developers to attend the playbook development course.

Skills Covered

Please refer to course overview.

Prerequisites

There are no prerequisites for this course.

Target Audience

Everyone can attend.

Course Curriculum

Module 1: Introduction, Deployment and Installation

  • Describe Phantom operating concepts
  • Identify documentation and community resources
  • Identify installation and upgrade options
  • Phantom & Splunk Architecture
  • Splunk/Phantom relationships

Module 2: Initial Configuration

  • Product settings
  • Access control
  • Authentication settings
  • Response settings
  • Understanding roles
  • Creating users
  • Managing user access

Module 3: Apps, Assets and Playbooks

  • Describe how apps and assets work in Phantom
  • Add and configure new apps
  • Configure assets
  • Manage playbooks

Module 4: Ingesting Data

  • Assets as data sources
  • Configuring data polling
  • Labels and tags
  • Data ingestion management
  • Event settings

Module 5: Analyst Queue

  • Work with the analyst queue
  • Filtering and sorting
  • Using search
  • Container export and import
  • Aggregation settings

Module 6: Investigation

  • Use the investigation page to work on events
  • Use indicators to find matching artifacts in multiple events
  • Using the heads-up display
  • Using notes

Module 7: Actions, Playbooks and Files

  • Manually run actions and examine action results
  • Manually run playbooks
  • Use the vault to store related files

Module 8: Case Management and Workbooks

  • Use case management for complex investigations
  • Use case workflows
  • Define new workbooks
  • Customize case management

Module 9: Customization

  • Create custom severity levels
  • Create custom status levels
  • Add custom fields and CEF settings
  • Create custom workbooks

Module 10: Advanced Topics

  • Run reports
  • Use Phantom audit tools
  • Monitor system health
  • Define clustering best practices
  • Configure multi-server Phantom clusters
  • Configure multi-tenancy
  • Backup/restore

Exam & Certification

This course is not associated with any Certification.

All courses are HRD Claimable.