Administering Splunk SOAR (ASOAR) – Details

Detaillierter Kursinhalt

Topic 1 –Initial Configuration

• Describe SOAR operating concepts
• Identify documentation and community resources
• SOAR & Splunk Architecture
• Product settings
• Access control
• Authentication settings
• Response settings
• Understanding roles
• Creating users
• Managing user access
• Describe SOAR Automation Broker

Topic 2 – Apps, Assets and Playbooks

• Add and configure apps and assets
• Manage playbooks
• Ingesting Data
• Labels and tags
• Event settings

Topic 3 – Customization and Monitoring

• Create custom severity levels
• Create custom status levels
• Add custom fields and CEF settings
• Create custom workbooks
• Run reports
• Use SOAR audit tools
• Monitor system health

Appendix: SOAR Automation Broker