Course Overview
This course teaches you how to configure ArcSight SOAR to receive alerts, integrate with other products, and create Playbooks.
Prerequisites
This course assumes a familiarity working with ArcSight ESM, but it is not required.
Audience Profile
This course is designed for Security Content Developers, who may be Analysts or Administrators.
Learning Objectives
On completion of this course, participants should be able to:
Content Outline
- Challenges faced by Organizations
- What is the ArcSight SOAR?
- ArcSight SOAR Features.
- Deployment Overview of ArcSight SOAR.
- Accessing ArcSight SOAR
- Install a Forwarding Connector on ESM
- Configure a Forwarding Connector User and Web User on ESM
- Configure Pre-persistent rule to Tag the Events Forwarded to SOAR
- Add an ESM Alert Source on SOAR
- Add an ESM Integration on SOAR
- Understanding the SOAR Workflow
- Processing ESM Alerts with SOAR
- Rule Name Filters
- Classification
- Consolidation
- Dispatching Cases
- Automating case Handling using Playbooks
- SOAR Integrations Overview
- SOAR Integrations Capabilities
- Use Cases & Benefits
- Integrating SOAR with MISP
- SOAR Integrations Overview
- SOAR Integrations Capabilities
- Use Cases & Benefits
- Integrating SOAR with MISP
- Integrating SOAR with VirusTotal
- Creating User Groups in Fusion
- Creating Users in Fusion
- Importing Existing Users from ESM
- User Roles and Assigning Permissions
- Understanding the SOAR Cases User Interface
- Viewing Case Details
- Managing Cases in SOAR
- Filtering Alerts For Case Creation
- Classifying Cases on SOAR
- Consolidating Alerts to Create Cases
- Dispatching Cases
- What are Playbooks?
- Working with Playbooks
- Workflow Playbooks
- Scheduled Playbooks
- Managing Triggers
- Handling Manual Processes Through Tasks
- Out of The Box Workflows
- Alerts
- Action and Rollback Queues
- Action History
- Enrichment History
- Process Queues
- Troubleshooting
- Reports in Fusion
- ArcSight SOAR Standard Content Resources
- Schedule and Export Reports
- Running SOAR Legacy Reports (Jasper Reports)
FAQs
A: To attend the training session, you should have operational Desktops or Laptops with the required specification, along with a good internet connection to access the labs.
A: We would always recommend you attend the live session to practice & clarify the doubts instantly and get more value from your investment. However, if, due to some contingency, you have to skip the class, Radiant Techlearning will help you with the recorded session of that particular day. However, those recorded sessions are not meant only for personal consumption and NOT for distribution or any commercial use.
A: Radiant Techlearning has a data center containing the Virtual Training environment for the purpose of participant hand-on-practice.
Participants can easily access these labs over Cloud with the help of a remote desktop connection.
Radiant virtual labs provide you the flexibility to learn from anywhere in the world and in any time zone.
A: The learners will be enthralled as we engage them the real-world and industry Oriented projects during the training program. These projects will improve your skills and knowledge, and you will gain a better experience. These real-time projects will help you a lot in your future tasks and assignments.