Detailed Course Outline
Topic 1 – Implementing Splunk and SOAR
- Review of SOAR UI and concepts
- Describe interactions between Splunk and SOAR
- Identify key concepts and data flows
- Prerequisites for integration
Topic 2 – Configuring External Splunk Search
- Describe the benefits of externalizing search to Splunk
- Configure the SOAR instance for externalization
- Configure the Splunk instance for externalization
- Use the Splunk app for SOAR Reporting
Topic 3 – Sending Splunk Events to SOAR
- Configure the SOAR Add-on for Splunk
- Map CIM fields to CEF
- Send Enterprise Security notables to SOAR
- Automatically trigger SOAR playbooks for Splunk notables
Topic 4 – Accessing Splunk from SOAR
- Install and configure the SOAR App for Splunk
- Ingest Splunk events into SOAR
- Use Splunk search from playbooks
- Update Splunk notable events
Topic 5 – Custom Coding in Playbooks
- SOAR coding best practices
- Writing, using and managing custom functions
- Using the SOAR API in custom code
- Store and retrieve persistent data
Topic 6 – Using SOAR REST
- Use Django queries to search for data in SOAR
- Use REST to access SOAR data
- Use the HTTP app to execute REST from playbooks