Cieľová skupina
This course is designed for Security Content Developers, who may be Analysts or Administrators.
Štruktúra kurzu
- Challenges faced by Organizations
- What is the ArcSight SOAR?
- ArcSight SOAR Features.
- Deployment Overview of ArcSight SOAR. Accessing ArcSight SOAR
- Install a Forwarding Connector on ESM
- Configure a Forwarding Connector User and Web User on ESM Configure Pre-persistent rule to Tag the Events Forwarded to SOAR Add an ESM
- Alert Source on SOAR
- Add an ESM Integration on SOAR
Understanding the SOAR Workflow Processing ESM Alerts with SOAR
- Rule Name Filters
- Classification
- Consolidation
- Dispatching Cases
- Automating case Handling using Playbooks
- SOAR Integrations Overview
- SOAR Integrations Capabilities
- Use Cases & Benefits
- Integrating SOAR with MISP
- Integrating SOAR with VirusTotal
- What are Playbooks?
- Working with Playbooks
- Workflow Playbooks
- Scheduled Playbooks
- Managing Triggers
- Handling Manual Processes Through Tasks Out of The Box Workflows
- Alerts
- Action and Rollback Queues Action History
- Enrichment History
- Process Queues Troubleshooting
- Reports in Fusion
- ArcSight SOAR Standard Content Resources Schedule and Export Reports
- Running SOAR Legacy Reports (Jasper Reports)