Detailed Course Outline
Module 1 – Implementing Splunk and SOAR
- Review of SOAR UI and concepts
- Describe interactions between Splunk and SOAR
- Identify key concepts and data flows
- Prerequisites for integration
 
Module 2 – Forwarding Events from SOAR to Splunk
- Describe the benefits of sending events to Splunk
- Configure the SOAR instance for forwarding
- Configure the Splunk instance for forwarding
- Search for SOAR events and logs on Splunk
 
Module 3 – Sending Splunk Events to SOAR
- Configure the Splunk App for SOAR Export
- Map CIM fields to CEF
- Send Enterprise Security notables to SOAR
- Automatically trigger SOAR playbooks for Splunk notables
 
Module 4 – Accessing Splunk from SOAR
- Install and configure the SOAR App for Splunk
- Ingest Splunk events into SOAR
- Use Splunk search from playbooks
- Update Splunk notable events
 
Module 5 – Custom Coding in Playbooks
- SOAR coding best practices
- Writing, using and managing custom functions
- Using the SOAR API in custom code
- Store and retrieve persistent data
 
Module 5 – Using SOAR REST
- Use Django queries to search for data in SOAR
- Use REST to access SOAR data
- Use the HTTP app to execute REST from playbooks