Course Overview
This course provides you with the knowledge to effectively configure Security Orchestration Automation and Response (SOAR) for strategic and efficient use by the analyst in your security operations center.
Prerequisites
This course assumes familiarity with ESM.
Course Objectives
On completion of this course, you should be able to:
- Configure ArcSight SOAR to receive alerts from ESM.
- Describe the SOAR workflow.
- Configure integrations.
- Configure filtering, classifying, consolidating and dispatching rules.
- Create workflow playbooks.
- Review system status.
- Run schedule and export reports
Course Content
This course teaches you how to configure ArcSight SOAR. You will learn how to configure SOAR to receive Enterprise Security Manager (ESM) alerts, integrate with other products to enrich cases, and create workflow playbooks, in addition to configuring other features of the product.
The course uses lectures and a series of hands-on labs to teach the course material. The hands-on labs for this course use the current version of the SOAR software.
Highlights:
- Navigate Content Server by using the various Content Server tools
- Manage documents by adding, editing, versioning, and deleting them in the Smart View and Classic View based on your document permissions
- Find information using collections, shortcuts, versions, and generations
- Personalize your user environment
English