SOAR + Python in Practice: Building Next-Generation Security Automation
This course is designed for security analysts and operations staff. It spans from Python basics to integrating SOAR with SIEM/XDR, covers production-grade playbooks such as IOC enrichment and phishing triage, and helps you master API security and ROI measurement on the way to becoming a high-value automation engineer.

This course is designed for security analysts and operations staff. It covers hands-on material from Python basics to integrating SOAR with SIEM/XDR architectures, and keeps pace with the trend toward the AI-agent SOC. Students build the core production-grade playbooks themselves, including IOC enrichment and phishing email triage, with the goal of mastering API security, fault-tolerant design and ROI measurement, and making the transition to a high-value security automation engineer.
Published 6/2026
Created by NEXUS ACADEMY
MP4 | Video: h264, 1920×1080 | Audio: AAC, 44.1 KHz, 2 Ch
Level: All Levels | Genre: eLearning | Language: English | Duration: 67 Lectures ( 8h 12m ) | Size: 3.2 GB
Build SOC automations with Python & SOAR playbooks: IOC enrichment, phishing triage, auto-containment & threat intel
What you’ll learn
⚡ Automate real SOC workflows with Python: IOC enrichment, phishing triage, alert deduplication and scoring, and auto-containment with approval gates
⚡ Explain what SOAR really means — orchestration, automation, and response — and how SOAR fits with SIEM and XDR
⚡ Use the Python security stack: requests for REST APIs, stix2 and taxii2-client for STIX/TAXII, PyMISP for MISP, and pandas for alert triage
⚡ Design reliable playbooks with triggers, conditional logic, error handling, idempotency, and human-in-the-loop approval gates
⚡ Run automation safely in production: secrets management, least-privilege API tokens, testing, monitoring, metrics and ROI, and governance
Requirements
❗ Security fundamentals: you should know what alerts, IOCs, and incident response are (SOC experience helpful but not required)
❗ No Python or SOAR experience needed — Python is taught from the ground up; you just need a computer that can run Python 3
Description
“This course contains the use of artificial intelligence.”
Security teams are drowning in alerts, and the answer isn’t more dashboards — it’s automation. This hands-on course teaches you to automate real SOC workflows two ways: with portable Python code and with SOAR playbooks, so your skills transfer to any platform.
We start with the SOC toil problem and what SOAR really means — orchestration, automation, and response — and how it fits alongside SIEM and XDR. You’ll survey today’s SOAR landscape (Cortex XSOAR, Splunk SOAR, Tines, Torq, Microsoft Sentinel automation, and Google Security Operations) vendor-neutrally, and get an honest look at where the market is heading: hyperautomation and the agentic AI SOC, where static playbooks gain dynamic AI reasoning with human oversight.
Then you build. Python is taught from the ground up: data structures, JSON, error handling and logging, REST APIs with the requests library, authentication, rate limits, and secrets management. You’ll wrangle IOCs with pandas, automate threat intelligence with STIX/TAXII (stix2, taxii2-client) and PyMISP, and assemble playbooks with triggers, conditional logic, idempotency, and human-in-the-loop approval gates.
Real-world labs include a multi-source IOC enrichment tool, alert deduplication and severity scoring, an automated phishing triage playbook, auto-containment with approval gates, ticketing and notifications integration, an LLM enrichment step, and a multi-stage incident response capstone.
Throughout, guardrails come first: least-privilege API tokens, secrets management, sandbox testing before production, and approval gates for destructive actions. You’ll finish knowing how to test, version-control, deploy, monitor, and measure your automation — and how to design an automation strategy for your SOC.
No prior Python or SOAR experience required — just security fundamentals (alerts, IOCs, incident response). All labs run against sandbox and test instances.
Who this course is for
⭐ SOC analysts moving into automation who want to stop drowning in repetitive alert toil
⭐ Security and automation engineers who want vendor-neutral SOAR skills and portable Python automations