Developing SOAR Playbooks
Duration: 2 Days (16 Hours)
Developing SOAR Playbooks Course Overview:
This introductory course is designed to prepare IT and security practitioners to:
- Plan, design, create, and debug basic playbooks for Security Orchestration, Automation, and Response (SOAR).
- Gain an understanding of the fundamental capabilities of SOAR playbooks.
- Learn how to create and test SOAR playbooks effectively.
Completion of this course is a prerequisite for the Advanced SOAR Implementation course, providing a foundational understanding of SOAR playbooks and their usage.
Intended Audience:
- IT and Security Practitioners: Individuals responsible for IT operations and security management who want to learn about Security Orchestration, Automation, and Response (SOAR) playbook development.
- Security Analysts: Professionals involved in incident response and security operations looking to enhance their skills in creating and debugging SOAR playbooks.
- Splunk SOAR Administrators: Those responsible for administering Splunk SOAR and its associated playbooks.
- Professionals with Equivalent Knowledge: Individuals who possess equivalent working knowledge, as specified in the course prerequisites.
Learning Objectives of Developing SOAR Playbooks:
- Automation Best Practices
- The Visual Playbook Editor
- Creating Automation and Input Playbooks
- Using Actions and Decisions
- Using Action Results
- Testing and Debugging Playbooks
- User Interaction
- Output Formatting
- Complex Logic
- Interacting with Artifacts
- Using Files in a Playbook
- Custom Lists
- Data Filtering
Module 1: Introduction to Playbooks
- Understanding automation best practices
- Playbook design principles
- Support for Python scripting
- Working with the playbook manager
Module 2: Visual Playbook Editor
- Utilizing the visual playbook editor
- Working with actions and decisions
- Processing action results
- Testing newly created playbooks
Module 3: User Interaction and Logic
- Interacting with users during playbook execution
- Formatting playbook outputs
- Using decision blocks for conditional logic
Module 4: Accessing and Formatting Data
- Accessing action results
- Retrieving artifact and container data
- Formatting data for presentation
Module 5: Modular Playbook Development
- Creating input playbooks
- Invoking other playbooks
- Passing data between playbooks
Module 6: Custom Lists and Filters
- Understanding custom list concepts
- Creating custom lists
- Accessing lists from playbooks
- Applying filters for data manipulation
Developing SOAR Playbooks Course Prerequisites:
To succeed in this introductory SOAR course, students should have completed the following courses or possess equivalent working knowledge:
- Investigating Incidents with Splunk SOAR
- Administering Splunk SOAR
Experience with Python programming is beneficial for better comprehension, but it is not a strict requirement for the course.
Discover the perfect fit for your learning journey
Choose Learning Modality
Live Online
- Convenience
- Cost-effective
- Self-paced learning
- Scalability
Classroom
- Interaction and collaboration
- Networking opportunities
- Real-time feedback
- Personal attention
Onsite
- Familiar environment
- Confidentiality
- Team building
- Immediate application
Training Exclusives
This course comes with the following benefits:
- Practice labs
- Training by certified trainers
- Access to the recordings of your class sessions for 90 days
- Digital courseware
- 24/7 learner support