Advanced SOAR Implementation Course Overview:

This course is designed for experienced SOAR consultants who are responsible for complex SOAR solution development. It aims to equip attendees with the skills needed to integrate SOAR with Splunk and create playbooks that involve custom coding and REST API usage.

Prospective participants should have successfully completed all prerequisite courses and be prepared to fully commit their attention to this challenging coursework. During the course, students will work on developing a custom solution that utilizes SOAR, Splunk, and custom Python code. The labs will outline the solution requirements, and students will be responsible for planning and executing the development process. This will demand careful focus, experimentation, and problem-solving abilities.

Intended Audience:

• Experienced SOAR Consultants: Individuals who have experience in SOAR solution development and are responsible for complex SOAR solution development.
• Technical Professionals: IT and security practitioners who want to integrate Splunk and SOAR, as well as develop playbooks requiring custom coding and REST API usage.
• Splunk Administrators: Those who have experience in administering Splunk and want to extend their knowledge to include SOAR integration.
• Splunk Developers: Professionals who have experience in developing Splunk SOAR Playbooks or similar automation workflows.
• Python Programmers: Individuals with experience in Python programming, as custom coding is a part of the course.
• Splunk Enterprise Administrators: Professionals who have experience in administering Splunk Enterprise, especially those with expertise in Splunk Enterprise Data Administration and System Administration.
• Splunk Enterprise Security (ES) Users/Administrators: Those familiar with using or administering Splunk Enterprise Security, as the course involves integrating SOAR with ES.

Learning Objectives of Advanced SOAR Implementation:

• Using External Splunk Search in SOAR: Learn to seamlessly integrate external Splunk searches into SOAR workflows.
• Sending Events from Splunk to SOAR: Understand how to forward events from Splunk to SOAR for further analysis and response.
• Updating Splunk Events from SOAR: Gain the ability to modify and update Splunk events directly from within the SOAR platform.
• Running SOAR Reports on Splunk: Discover how to generate and run SOAR reports within the Splunk environment for enhanced insights.
• Executing SOAR Playbooks from Splunk: Learn how to trigger and execute SOAR playbooks directly from the Splunk interface, enabling automated incident response.
• Searching Splunk from SOAR Playbooks: Harness the power to initiate searches within Splunk from within SOAR playbooks, streamlining investigative processes.
• Writing Custom Code for Use in SOAR Playbooks: Develop custom Python code to extend the functionality of SOAR playbooks, tailored to specific use cases.
• Using the SOAR REST API in SOAR Playbooks: Leverage the SOAR REST API within playbooks to enable seamless integration and automation.