Detailed Course Outline
Module 1: Introduction to ArcSight SOAR
- Challenges faced by Organizations
- What is the ArcSight SOAR?
- ArcSight SOAR Features.
- Deployment Overview of ArcSight SOAR.
- Accessing ArcSight SOAR
Module 2: Setting up SOAR to Receive Alerts
- Install a Forwarding Connector on ESM
- Configure a Forwarding Connector User and Web User on ESM
- Configure Pre-persistent rule to Tag the Events Forwarded to SOAR
- Add an ESM Alert Source on SOAR
- Add an ESM Integration on SOAR
Module 3: Understand Soar Workflow
- Understanding the SOAR Workflow
- Processing ESM Alerts with SOAR
- Rule Name Filters
- Classification
- Consolidation
- Dispatching Cases
- Automating case Handling using Playbooks
Module 4: SOAR Integrations Overview
- SOAR Integrations Overview
- SOAR Integrations Capabilities
- Use Cases & Benefits
- Integrating SOAR with MISP
- Integrating SOAR with VirusTotal
Module 5: SOAR Users, Groups, SSO
- Creating User Groups in Fusion
- Creating Users in Fusion
- Importing Existing Users from ESM
- User Roles and Assigning Permissions
- ACLs in SOAR
Module 6: SOAR Case Management
- Understanding the SOAR Cases User Interface
- Viewing Case Details
- Managing Cases in SOAR
Module 7: Filtering, Classifying, Consolidating, and Dispatching Cases
- Filtering Alerts For Case Creation
- Classifying Cases on SOAR
- Consolidating Alerts to Create Cases
- Dispatching Cases
Module 8: Automating Responses with Workflow Playbooks
- What are Playbooks?
- Working with Playbooks
- Workflow Playbooks
- Scheduled Playbooks
- Managing Triggers
- Handling Manual Processes Through Tasks
- Out of The Box Workflows
Module 9: SOAR System Status
- Alerts
- Action and Rollback Queues
- Action History
- Enrichment History
- Process Queues
- Troubleshooting
Module 10: Monitoring Using SOAR Dashboards and Reports
- Reports in Fusion
- ArcSight SOAR Standard Content Resources
- Schedule and Export Reports
- Running SOAR Legacy Reports (Jasper Reports)