SOAR360i – Configuring ArcSight SOAR for Effective Threat Response

Course code: SOAR360i

This instructor-led course teaches you how to configure ArcSight SOAR 3.8. You will learn how to configure SOAR to receive ESM alerts, integrate with other products to enrich cases, and create workflow playbooks, in addition to configuring other features of the product.
The course uses lectures and a series of hands-on labs to teach the course material. The hands-on labs for this course use version 3.8 of the SOAR software.

2 412 EUR

2 919 EUR including VAT

Earliest date: 10.03.2025

Course dates

Starting date: 10.03.2025

Type: Virtual

Course duration: 3 days

Language: en

Price without VAT: 2 412 EUR

Starting date: 10.11.2025

Type: Virtual

Course duration: 3 days

Language: en

Price without VAT: 2 412 EUR

Starting date: Upon request

Type: In-person/Virtual

Course duration: 3 days

Language: en

Price without VAT: 2 412 EUR

Course description

On completion of this course, participants should be able to:

  • Configure SOAR to receive alerts from ESM
  • Describe the SOAR workflow
  • Configure integrations
  • Configure filtering, classifying, consolidating and dispatching rules
  • Create workflow playbooks
  • Review system status
  • Run, schedule, and export reports

Target group

This course is designed for Security Content Developers, who may be Analysts or Administrators.

Course structure

Module 1: Introduction to ArcSight SOAR

  • Challenges Faced by Organizations
  • What Is ArcSight SOAR?
  • ArcSight SOAR Features
  • Deployment Overview of ArcSight SOAR
  • Accessing ArcSight SOAR

Module 2: Setting Up SOAR to Receive Alerts

  • Installing a Forwarding Connector on ESM
  • Configuring a Forwarding Connector User and Web User on ESM
  • Configuring a Pre-persistent Rule to Tag the Events Forwarded to SOAR
  • Adding an ESM Alert Source on SOAR
  • Adding an ESM Integration on SOAR

Module 3: Understanding the SOAR Workflow

  • Processing ESM Alerts with SOAR
    o Rule Name Filters
    o Classification
    o Consolidation
    o Dispatching Cases
  • Automating Case Handling by Using Playbooks

Module 4: SOAR Integrations Overview

  • SOAR Integrations Capabilities
  • Use Cases & Benefits
  • Integrating SOAR with MISP
  • Integrating SOAR with VirusTotal

Module 5: SOAR Users, Groups, SSO

  • Creating User Groups in Fusion
  • Creating Users in Fusion
  • Importing Existing Users from ESM
  • User Roles and Assigning Permissions
  • ACLs in SOAR

Module 6: SOAR Case Management

  • Understanding the SOAR Cases User Interface
  • Viewing Case Details
  • Managing Cases in SOAR

Module 7: Filtering, Classifying, Consolidating, and Dispatching Cases

  • Filtering Alerts for Case Creation
  • Classifying Cases on SOAR
  • Consolidating Alerts to Create Cases
  • Dispatching Cases

Module 8: Automating Responses with Workflow Playbooks

  • What are Playbooks?
  • Working with Playbooks
  • Workflow Playbooks
  • Scheduled Playbooks
  • Managing Triggers
  • Handling Manual Processes Through Tasks
  • Out of The Box Workflows

Module 9: SOAR System Status

  • Alerts
  • Action and Rollback Queues
  • Action History
  • Enrichment History
  • Process Queues
  • Troubleshooting

Module 10: Monitoring Using SOAR Dashboards and Reports

  • Reports in Fusion
  • ArcSight SOAR Standard Content Resources
  • Scheduling and Exporting Reports
  • Running SOAR Legacy Reports (Jasper Reports)

Prerequisites

This course assumes familiarity with ArcSight ESM, but it is not required.
