Configuring ArcSight SOAR for Effective Threat ResponseCASFETRMFOpenTextMF-CASFETR3.8<p>On completion of this course, participants should be able to:</p>
<ul>
<li>Configure SOAR to receive alerts from ESM</li><li>Describe the SOAR workflow</li><li>Configure integrations</li><li>Configure filtering, classifying, consolidating</li><li>and dispatching rules</li><li>Create workflow playbooks</li><li>Review system status</li><li>Run, schedule, and export reports</li></ul><p>This course assumes a familiarity working with ArcSight ESM but it is not required</p><p>Administrators and Content Engineers responsible for configuring ArcSight security content.</p><p><strong>Module 1: Introduction to ArcSight SOAR</strong>
</p>
<ul>
<li>Challenges Faced by Organizations</li><li>What Is ArcSight SOAR?</li><li>ArcSight SOAR Features.</li><li>Deployment Overview of ArcSight SOAR.</li><li>Accessing ArcSight SOAR</li></ul><p><strong>Module 2: Setting Up SOAR to Receive Alerts</strong>
</p>
<ul>
<li>Installing a Forwarding Connector on ESM</li><li>Configuring a Forwarding Connector User and Web User on ESM</li><li>Configuring a Pre-persistent Rule to Tag the Events Forwarded to SOAR</li><li>Adding an ESM Alert Source on SOAR</li><li>Adding an ESM Integration on SOAR</li></ul><p>
<strong>Module 3: Understanding the SOAR Workflow</strong></p>
<ul>
<li>Processing ESM Alerts with SOAR</li><li>Rule Name Filters</li><li>Classification</li><li>Consolidation</li><li>Dispatching Cases</li><li>Automating Case Handling by Using Playbooks</li></ul><p><strong>Module 4: SOAR Integrations Overview</strong>
</p>
<ul>
<li>SOAR Integrations Capabilities</li><li>Use Cases Benefits</li><li>Integrating SOAR with MISP</li><li>Integrating SOAR with VirusTotal</li></ul><p><strong>Module 5: SOAR Users, Groups, SSO</strong></p>
<ul>
<li>Creating User Groups in Fusion</li><li>Creating Users in Fusion</li><li>Importing Existing Users from ESM</li><li>User Roles and Assigning Permissions</li><li>ACLs in SOAR</li></ul><p><strong>Module 6: SOAR Case Management</strong></p>
<ul>
<li>Understanding the SOAR Cases User Interface</li><li>Viewing Case Details</li><li>Managing Cases in SOAR</li></ul><p><strong>Module 7: Filtering, Classifying, Consolidating, and Dispatching Cases</strong></p>
<ul>
<li>Filtering Alerts for Case Creation</li><li>Classifying Cases on SOAR</li><li>Consolidating Alerts to Create Cases</li><li>Dispatching Cases</li></ul><p><strong>Module 8: Automating Responses with Workflow Playbooks</strong></p>
<ul>
<li>What are Playbooks?</li><li>Working with Playbooks</li><li>Workflow Playbooks</li><li>Scheduled Playbooks</li><li>Managing Triggers</li><li>Handling Manual Processes Through Tasks</li><li>Out of The Box Workflows</li><li></li></ul><p><strong>Module 9: SOAR System Status</strong></p>
<ul>
<li>Alerts</li><li>Action and Rollback Queues</li><li>Action History</li><li>Enrichment History</li><li>Process Queues</li><li>Troubleshooting</li></ul><p><strong>Module 10: Monitoring Using SOAR Dashboards and Reports</strong></p>
<ul>
<li>Reports in Fusion</li><li>ArcSight SOAR Standard Content Resources</li><li>Scheduling and Exporting Reports</li><li>Running SOAR Legacy Reports (Jasper Reports)</li></ul>On completion of this course, participants should be able to:
- Configure SOAR to receive alerts from ESM
- Describe the SOAR workflow
- Configure integrations
- Configure filtering, classifying, consolidating
- and dispatching rules
- Create workflow playbooks
- Review system status
- Run, schedule, and export reportsThis course assumes a familiarity working with ArcSight ESM but it is not requiredAdministrators and Content Engineers responsible for configuring ArcSight security content.Module 1: Introduction to ArcSight SOAR
- Challenges Faced by Organizations
- What Is ArcSight SOAR?
- ArcSight SOAR Features.
- Deployment Overview of ArcSight SOAR.
- Accessing ArcSight SOAR
Module 2: Setting Up SOAR to Receive Alerts
- Installing a Forwarding Connector on ESM
- Configuring a Forwarding Connector User and Web User on ESM
- Configuring a Pre-persistent Rule to Tag the Events Forwarded to SOAR
- Adding an ESM Alert Source on SOAR
- Adding an ESM Integration on SOAR
Module 3: Understanding the SOAR Workflow
- Processing ESM Alerts with SOAR
- Rule Name Filters
- Classification
- Consolidation
- Dispatching Cases
- Automating Case Handling by Using Playbooks
Module 4: SOAR Integrations Overview
- SOAR Integrations Capabilities
- Use Cases Benefits
- Integrating SOAR with MISP
- Integrating SOAR with VirusTotal
Module 5: SOAR Users, Groups, SSO
- Creating User Groups in Fusion
- Creating Users in Fusion
- Importing Existing Users from ESM
- User Roles and Assigning Permissions
- ACLs in SOAR
Module 6: SOAR Case Management
- Understanding the SOAR Cases User Interface
- Viewing Case Details
- Managing Cases in SOAR
Module 7: Filtering, Classifying, Consolidating, and Dispatching Cases
- Filtering Alerts for Case Creation
- Classifying Cases on SOAR
- Consolidating Alerts to Create Cases
- Dispatching Cases
Module 8: Automating Responses with Workflow Playbooks
- What are Playbooks?
- Working with Playbooks
- Workflow Playbooks
- Scheduled Playbooks
- Managing Triggers
- Handling Manual Processes Through Tasks
- Out of The Box Workflows
-
Module 9: SOAR System Status
- Alerts
- Action and Rollback Queues
- Action History
- Enrichment History
- Process Queues
- Troubleshooting
Module 10: Monitoring Using SOAR Dashboards and Reports
- Reports in Fusion
- ArcSight SOAR Standard Content Resources
- Scheduling and Exporting Reports
- Running SOAR Legacy Reports (Jasper Reports)3 Tage2400.00