Investigating Incidents with Splunk SOAR is designed for SOC analysts and incident responders who use Splunk SOAR as their primary incident management and orchestration platform.
What You Will Learn
- Navigate the Splunk SOAR interface and manage incoming security events and cases
- Triage, merge, and escalate events using SOAR’s case management features
- Run manual and automated playbook actions against indicators and artifacts
- Use investigation workbooks to document findings and track response tasks
- Integrate SOAR investigations with Splunk Enterprise Security for enriched context
Who Should Attend
SOC analysts, incident responders, and threat hunters who use Splunk SOAR as part of their security operations workflow.
Prerequisites
Familiarity with security incident response concepts and basic experience with Splunk search is recommended.
