Bestellung
Wenn Sie an diesem Seminar teilnehmen wollen, füllen Sie folgendes Formular aus.Die mit * gekennzeichneten Felder müssen ausgefüllt werden.
This instructor-led course teaches you how to configure ArcSight SOAR 3.8. You will learn how to configure SOAR to receive ESM alerts, integrate with other products to enrich cases, and create workflow playbooks, in addition to configuring other features of the product.
The course uses lectures and a series of hands-on labs to teach the course material. The hands-on labs for this course use version 3.8 of the SOAR software.
Highlights:
- Overview of ArcSight SOAR
- Configuring SOAR to receive ESM alerts
- Configuring integrations
- Creating workflow playbooks
- Running reports"Module 1: Introduction to ArcSight SOAR
- Challenges Faced by Organizations
- What Is ArcSight SOAR?
- ArcSight SOAR Features.
- Deployment Overview of ArcSight SOAR.
- Accessing ArcSight SOAR
Module 2: Setting Up SOAR to Receive Alerts
- Installing a Forwarding Connector on ESM
- Configuring a Forwarding Connector User and Web User on ESM
- Configuring a Pre-persistent Rule to Tag the Events Forwarded to SOAR
- Adding an ESM Alert Source on SOAR
- Adding an ESM Integration on SOAR
Module 3: Understanding the SOAR Workflow
- Processing ESM Alerts with SOAR
- Rule Name Filters
- Classification
- Consolidation
- Dispatching Cases
- Automating Case Handling by Using Playbooks
Module 4: SOAR Integrations Overview
- SOAR Integrations Capabilities
- Use Cases Benefits
- Integrating SOAR with MISP
- Integrating SOAR with VirusTotal
Module 5: SOAR Users, Groups, SSO
- Creating User Groups in Fusion
- Creating Users in Fusion
- Importing Existing Users from ESM
- User Roles and Assigning Permissions
- ACLs in SOAR
Module 6: SOAR Case Management
- Understanding the SOAR Cases User Interface
- Viewing Case Details
- Managing Cases in SOAR
Module 7: Filtering, Classifying, Consolidating, and Dispatching Cases
- Filtering Alerts for Case Creation
- Classifying Cases on SOAR
- Consolidating Alerts to Create Cases
- Dispatching Cases
Module 8: Automating Responses with Workflow Playbooks
- What are Playbooks?
- Working with Playbooks
- Workflow Playbooks
- Scheduled Playbooks
- Managing Triggers
- Handling Manual Processes Through Tasks
- Out of The Box Workflows
-
Module 9: SOAR System Status
- Alerts
- Action and Rollback Queues
- Action History
- Enrichment History
- Process Queues
- Troubleshooting
Module 10: Monitoring Using SOAR Dashboards and Reports
- Reports in Fusion
- ArcSight SOAR Standard Content Resources
- Scheduling and Exporting Reports
- Running SOAR Legacy Reports (Jasper Reports)
The course uses lectures and a series of hands-on labs to teach the course material. The hands-on labs for this course use version 3.8 of the SOAR software.
Highlights:
- Overview of ArcSight SOAR
- Configuring SOAR to receive ESM alerts
- Configuring integrations
- Creating workflow playbooks
- Running reports"Module 1: Introduction to ArcSight SOAR
- Challenges Faced by Organizations
- What Is ArcSight SOAR?
- ArcSight SOAR Features.
- Deployment Overview of ArcSight SOAR.
- Accessing ArcSight SOAR
Module 2: Setting Up SOAR to Receive Alerts
- Installing a Forwarding Connector on ESM
- Configuring a Forwarding Connector User and Web User on ESM
- Configuring a Pre-persistent Rule to Tag the Events Forwarded to SOAR
- Adding an ESM Alert Source on SOAR
- Adding an ESM Integration on SOAR
Module 3: Understanding the SOAR Workflow
- Processing ESM Alerts with SOAR
- Rule Name Filters
- Classification
- Consolidation
- Dispatching Cases
- Automating Case Handling by Using Playbooks
Module 4: SOAR Integrations Overview
- SOAR Integrations Capabilities
- Use Cases Benefits
- Integrating SOAR with MISP
- Integrating SOAR with VirusTotal
Module 5: SOAR Users, Groups, SSO
- Creating User Groups in Fusion
- Creating Users in Fusion
- Importing Existing Users from ESM
- User Roles and Assigning Permissions
- ACLs in SOAR
Module 6: SOAR Case Management
- Understanding the SOAR Cases User Interface
- Viewing Case Details
- Managing Cases in SOAR
Module 7: Filtering, Classifying, Consolidating, and Dispatching Cases
- Filtering Alerts for Case Creation
- Classifying Cases on SOAR
- Consolidating Alerts to Create Cases
- Dispatching Cases
Module 8: Automating Responses with Workflow Playbooks
- What are Playbooks?
- Working with Playbooks
- Workflow Playbooks
- Scheduled Playbooks
- Managing Triggers
- Handling Manual Processes Through Tasks
- Out of The Box Workflows
-
Module 9: SOAR System Status
- Alerts
- Action and Rollback Queues
- Action History
- Enrichment History
- Process Queues
- Troubleshooting
Module 10: Monitoring Using SOAR Dashboards and Reports
- Reports in Fusion
- ArcSight SOAR Standard Content Resources
- Scheduling and Exporting Reports
- Running SOAR Legacy Reports (Jasper Reports)