Skip to main content

Splunk Training + Certification

Developing SOAR Playbooks

Course Description

This 9-hour introductory course prepares IT and security practitioners to plan, design, create and debug basic playbooks for SOAR. Students will learn fundamentals of SOAR playbook capabilities, creation and testing. This course is a pre-requisite for the Advanced SOAR Implementation course.

This course was previously available as Developing Phantom Playbooks.

Instructor-led Training Schedule

Course Prerequisites

Classes:
  • Administering SOAR (preferred)
  • SOAR video walkthroughs
Skills:
  • Experience with Python Programming

Course Topics

  • Automation best practices
  • The visual playbook editor
  • Using actions and decisions
  • Using action results
  • Testing and debugging playbooks
  • User interaction
  • Output formatting
  • Complex logic
  • Interacting with artifacts
  • Using the vault in a playbook
  • Custom lists

Course Objectives

Module 1 – Introduction to Playbooks

  • Understand automation best practices
  • Design playbooks
  • Python support
  • Use the playbook manager

 

Module 2 – Visual Playbook Editor

  • Use the visual playbook editor
  • Use actions and decisions
  • Process action results
  • Test new playbooks

 

Module 3 – User Interaction and Logic

  • Interact with users during playbook execution
  • Format outputs
  • Use decision blocks

 

Module 4 – Accessing and Formatting Data

  • Accessing action results
  • Accessing artifact and container data
  • Formatting data

 

Module 5 – Modular Playbook Development

  • Calling other playbooks
  • Creating artifacts
  • Sending email
  • Passing data between playbooks

 

Module 6 – Custom Lists and Filters

  • Custom list concepts
  • Create custom lists
  • Access lists from playbooks
  • Use filters