Detailed Course Content
Topic 1 – Starting Investigations
- SOAR investigation concepts
 - ROI view
 - Using the Analyst Queue
 - Using indicators
 - Using search
 
Topic 2 – Working on Events
- Use the Investigation page to work on events
 - Use the heads-up display
 - Set event status and other fields
 - Use notes and comments
 - How SLA affects event workflow
 - Using artifacts and files
 - Exporting events
 - Executing actions and playbooks
 - Managing approvals
 
Topic 3 – Cases: Complex Events
- Use case management for complex investigations
 - Use case workflows
 - Mark evidence
 - Running reports