Getting help with SOAR
Training
Good courses to start with to learn Splunk SOAR are:
Course | Description |
---|---|
Developing Splunk SOAR playbooks | This 9 hour introductory course prepares IT and security practitioners to plan, design, create and debug basic playbooks for Splunk SOAR. Students will learn fundamentals of Splunk SOAR playbook capabilities, creation and testing. This course is a pre-requisite for the Advanced Phantom Implementation course. |
Splunk SOAR analyst queue walkthrough | This 9-minute video shows you how to navigate, filter, edit, and take action on events in the Splunk SOAR Analyst queue. |
Advanced Splunk SOAR implementation | This three virtual-day course is intended for experienced Phantom consultants who will be responsible for complex Splunk SOAR solution development, and will prepare the attendee to integrate Splunk SOAR with Splunk as well as develop playbooks requiring custom coding and REST API usage. |
Splunk SOAR automation broker | This 24-minute walkthrough is for Splunk SOAR admins with basic networking knowledge who understand Splunk SOAR apps, assets, and actions. Students will learn the role of the automation broker in Splunk SOAR implementation, how to install, configure, and use the automation broker to run on-prem app actions, and how to troubleshoot issues. |
Splunk SOAR mission control walkthrough | This 7-minute video guides analysts in using Splunk SOAR with Mission Control. |
Administering Splunk SOAR | This course prepares IT and security practitioners to install, configure and use a Splunk SOAR server in their environment and will prepare developers to attend the playbook development course. |
Technical help - OnDemand Services (ODS)
ODS consultants work with you directly to help you get answers to general questions, get insight on best practices, explore functionality, deploy or review the health of your instance, and implement your use cases. Most customers have OnDemand Services included as a part of their license purchase, but they do expire at the end of each quarter. Use them as early as possible in the quarter by following the instructions from the OnDemand Services Portal End User Guide.
If you cannot open a case or do not know if you have OnDemand access, contact your Splunk Customer Success Manager/Advocate or Account Team or the ODS team at OnDemand-Inquires@splunk.
Plan | Implement | Use/Adopt | Scale/Optimize |
---|---|---|---|
|
|
|
|
Project-based services
Support
On-demand webinars and tech talks
- Splunk SOAR deployment models and use cases
- How to automate phishing email response
- Super speed with Splunk SOAR slash commands
- Understanding Splunk SOAR's join logic
- Risk-based alerting at machine speed with Splunk SOAR
- Adaptable incident response with Splunk SOAR modular workbooks
- An AWSome use case for Splunk SOAR: Tackling AWS security automation
- Put the fun in custom functions