Introduction to CAQL Queries in Catalyst SOAR

Objective: To familiarize participants with the basics of CAQL (Catalyst Query Language) and its application in the Catalyst SOAR platform for efficient ticket filtering and playbook integration. Duration: 1 hour. Context: CAQL, a subset of the ArangoDB Query Language (AQL), is a crucial component of the Catalyst SOAR platform. It is primarily used for filtering tickets …

Exercise: Introduction to Using Templates in Catalyst SOAR

Level: Intermediate. Context: Templates in Catalyst can streamline the creation and management of recurring incidents. Given the recurring nature of some vulnerabilities in the SOC environment, templates can help in efficiently managing them. Learn to use templates in Catalyst for common incidents. You can use or your own lab. Excerpt: Use Catalyst to conduct a …

Exercise: Threat Hunting with Catalyst

Level: Intermediate. Context: Beyond the known vulnerabilities from the penetration test, there might be other threats lurking in the SOC environment. Proactive threat hunting can identify threats before they become incidents. You can use or your own lab. Excerpt: Use Catalyst to conduct a threat hunting exercise, identifying potential threats before they escalate. Learning Outcome …

Exercise: Designing a Playbook in Catalyst

Level: Intermediate. Context: Playbooks provide a standardized response to common threats, ensuring consistency and efficiency. You can use or your own lab. Excerpt: Design a playbook in Catalyst to handle a specific threat scenario, ensuring all steps are covered. With the recurring vulnerabilities in the Cloud environment, there's a need for a standardized response. Design …

Exercise: Ticketing System Integration in Catalyst

Level: Intermediate. Context: Integrating external systems, like ticketing systems, can streamline the incident response process. With the vulnerabilities identified in the Cloud environment, there's a need to integrate with the IT ticketing system to ensure that the IT team addresses the issues. Learn how to integrate and manage tickets related to these vulnerabilities in Catalyst. You …

Exercise: Incident Creation and Management in Catalyst

Level: Intermediate. Context: Incidents provide a structured approach to managing and resolving threats. A penetration test on the Cloud IaaS environment has revealed potential data breaches. You need to create and manage incidents in Catalyst to ensure a structured response to these findings. You can use or your own lab. Excerpt: Master the process of …

Exercise: Creating and Managing Alerts in Catalyst

Level: Intermediate. Context: Alerts are the first line of defense in identifying potential threats. Efficiently managing them is crucial. After a recent penetration test on Opple Tech's Azure environment, several vulnerabilities were identified. As an analyst, you need to create alerts for these vulnerabilities to ensure they are addressed promptly. You can use or your …

Exercise: Introduction to Catalyst SOAR and Dashboard

Level: Intermediate. Context: As a new SOC analyst at Opple Tech, you've been informed of potential vulnerabilities in the company's Azure IaaS environment. Before diving into the specifics, you need to familiarize yourself with the Catalyst tool, which will be instrumental in managing and responding to any identified threats on a daily basis. You can …