+1 (778) 681-0711

Developing SOAR Playbooks

Duration : 2 Days (16 Hours)

Developing SOAR Playbooks Course Overview:

This introductory course is designed to prepare IT and security practitioners to:

  • Plan, design, create, and debug basic playbooks for Security Orchestration, Automation, and Response (SOAR).
  • Gain an understanding of the fundamental capabilities of SOAR playbooks.
  • Learn how to create and test SOAR playbooks effectively.

Completion of this course is a prerequisite for the Advanced SOAR Implementation course, providing a foundational understanding of SOAR playbooks and their usage.

Intended Audience:

  • IT and Security Practitioners: Individuals responsible for IT operations and security management who want to learn about Security Orchestration, Automation, and Response (SOAR) playbook development.
  • Security Analysts: Professionals involved in incident response and security operations looking to enhance their skills in creating and debugging SOAR playbooks.
  • Splunk SOAR Administrators: Those responsible for administering Splunk SOAR and its associated playbooks.
  • Professionals with Equivalent Knowledge: Individuals who possess equivalent working knowledge, as specified in the course prerequisites.

Learning Objectives of Developing SOAR Playbooks:

  • Automation Best Practices
  • The Visual Playbook Editor
  • Creating Automation and Input Playbooks
  • Using Actions and Decisions
  • Using Action Results
  • Testing and Debugging Playbooks
  • User Interaction
  • Output Formatting
  • Complex Logic
  • Interacting with Artifacts
  • Using Files in a Playbook
  • Custom Lists
  • Data Filtering

Module 1: Introduction to Playbooks

  • Understanding automation best practices
  • Playbook design principles
  • Support for Python scripting
  • Working with the playbook manager

Module 2: Visual Playbook Editor

  • Utilizing the visual playbook editor
  • Working with actions and decisions
  • Processing action results
  • Testing newly created playbooks

Module 3: User Interaction and Logic

  • Interacting with users during playbook execution
  • Formatting playbook outputs
  • Using decision blocks for conditional logic

Module 4: Accessing and Formatting Data

  • Accessing action results
  • Retrieving artifact and container data
  • Formatting data for presentation

Module 5: Modular Playbook Development

  • Creating input playbooks
  • Invoking other playbooks
  • Passing data between playbooks

Module 6: Custom Lists and Filters

  • Understanding custom list concepts
  • Creating custom lists
  • Accessing lists from playbooks
  • Applying filters for data manipulation

Developing SOAR Playbooks Course Prerequisites:

To succeed in this introductory SOAR course, students should have completed the following courses or possess equivalent working knowledge:

  • Investigating Incidents with Splunk SOAR
  • Administering Splunk SOAR

While not mandatory, having experience with Python programming can be beneficial for better comprehension, although it is not a strict requirement for the course.

Discover the perfect fit for your learning journey

Choose Learning Modality

Live Online

  • Convenience
  • Cost-effective
  • Self-paced learning
  • Scalability

Classroom

  • Interaction and collaboration
  • Networking opportunities
  • Real-time feedback
  • Personal attention

Onsite

  • Familiar environment
  • Confidentiality
  • Team building
  • Immediate application

Training Exclusives

This course comes with following benefits:

  • Practice Labs.
  • Get Trained by Certified Trainers.
  • Access to the recordings of your class sessions for 90 days.
  • Digital courseware
  • Experience 24*7 learner support.

Got more questions? We’re all ears and ready to assist!

Request More Details

Please enable JavaScript in your browser to complete this form.

Subscribe to our Newsletter

Please enable JavaScript in your browser to complete this form.
×