Prerequisites
• Basic security operations knowledge
What you’ll learn in this course
This course prepares security practitioners to use SOAR to respond to security incidents,
investigate vulnerabilities, and take action to mitigate and prevent security problems.
Course Objectives
Course Outline
Topic 1 – Starting Investigations
• SOAR investigation concepts
• ROI view
• Using the Analyst Queue
• Using indicators
• Using search
Topic 2 – Working on Events
• Use the Investigation page to work on events
• Use the heads-up display
• Set event status and other fields
• Use notes and comments
• How SLA affects event workflow
• Using artifacts and files
• Exporting events
• Executing actions and playbooks
• Managing approvals
Topic 3 – Cases: Complex Events
• Use case management for complex investigations
• Use case workflows
• Mark evidence
• Running reports


