Course Summary
Learn how to install, configure, and use Splunk SOAR servers, and how to plan, design, create, and debug basic SOAR playbooks. You will gain expertise in complex SOAR solution development and will be able to integrate SOAR with the Splunk platform and develop playbooks that require custom coding and REST API usage.
You will gain skills such as:
• Developing automation playbooks in Splunk SOAR
• Integrating various security tools with Splunk SOAR
• Scripting and programming for security automation
• Incident response automation and orchestration
• Customizing and optimizing SOAR workflows and processes
Module 1: Deployment, Installation, and Initial Configuration
• Describe SOAR operating concepts
• Identify documentation and community resources
• Identify installation and upgrade options
• Describe SOAR architecture
• Configure licenses, administration, and product settings
Module 2: User Management
• Configure authentication options
• Add users
• Add roles
Module 3: Apps, Assets, and Playbooks
• Configure apps
• Configure assets
• Configure data ingestion assets
• Configure labels and SLAs
• Manage playbooks
Module 4: Analyst Queue
• Use the Analyst Queue
• Use search features
• Create filters
• Use the indicator view
Module 5: The Investigation Page
• Use the Investigation page to work on events
• Manually run actions and examine action results
• Manually run playbooks
• Use the file tab to store related files
Module 6: Case Management and Workbooks
• Use case management for complex investigations
• Use workbooks
• Mark items as evidence
Module 7: Customizations
• Customize severity levels
• Customize CEF fields
• Customize status values
• Customize workbooks
• Add global custom fields to containers
Module 8: System Maintenance
• Run reports
• Use system health displays
• Examine health logs
Module 9: Introduction to Playbooks
• Understand automation best practices
• Describe playbook capabilities
• Determine available app actions
• Use I2A2 design methodology
Module 10: Visual Playbook Editor
• Use the visual playbook editor
• Execute actions from a playbook
• Test new playbooks
Module 11: Logic, Filters, and User Interaction
• Use decision blocks
• Use filter blocks to process data
• Describe the use of different join options
• Interact with users during playbook execution
Module 12: Formatted Output and Data Access
• Use Format blocks to structure data
• Understand the structure of action results
• Compose datapaths to access data
• Use the utility block to modify containers
Module 13: Modular Playbook Development
• Design modular solutions with interacting playbooks
• Invoke child playbooks from a parent
• Exchange data between playbooks
Module 14: Custom Lists and Data Routing
• Create custom lists
• Access lists from playbooks
• Use filters to control data flow
Module 15: Configuring External Splunk Search
• Describe the benefits of externalizing search to Splunk
• Configure the SOAR instance for externalization
• Configure the Splunk instance for externalization
• Use reindex to push existing content to the Splunk instance
• Use the Splunk app for Phantom Reporting
Module 16: Integrating SOAR into Splunk
• Install the Splunk App for SOAR Export
• Send Enterprise Security notables to SOAR
• Install and configure the Splunk app in SOAR
• Use Splunk search from playbooks
Module 17: Custom Coding
• Describe when and when not to use the global block
• Use custom function blocks
• Write and test custom SOAR code
Module 18: Using REST
• Describe the capabilities of SOAR REST API
• Use Django queries to search for data in SOAR
• Use SOAR REST from other systems to access SOAR data