Course Overview
This course teaches you how to configure ArcSight SOAR to receive alerts, integrate with other products, and create Playbooks.
Who should attend
This course is designed for Security Content Developers, who may be Analysts or Administrators.
Prerequisites
This course assumes a familiarity working with ArcSight ESM but it is not required.
Course Objectives
At the end of this course, you should able to :
- Understand ArcSight SOAR
- Set up SOAR to receive alerts
- Understand SOAR workflow
- Understand SOAR integrations
- Understand SOAR Users, Groups and SSO
- Manage SOAR cases
- Filter, classify, consolidate, and dispatch cases
- Automate response with workflow playbooks
- Understand SOAR System status
- Monitor using SOAR Dashboards & reports
Course Content
- Module 1: Introduction to ArcSight SOAR
- Module 2: Setting up SOAR to Receive Alerts
- Module 3: Understand Soar Workflow
- Module 4: SOAR Integrations Overview
- Module 5: SOAR Users, Groups, SSO
- Module 6: SOAR Case Management
- Module 7: Filtering, Classifying, Consolidating, and Dispatching Cases
- Module 8: Automating Responses with Workflow Playbooks
- Module 9: SOAR System Status
- Module 10: Monitoring Using SOAR Dashboards and Reports