The ArcSight ESM - Administrator and Analyst training course provides comprehensive details of the HP ArcSight Enterprise Security Manager (ESM) solution. Delegates will explore the ArcSight Console, ArcSight Command Center, and ArcSight Web user interfaces used to monitor security events, configure ESM, and manage users and ESM network intelligence resources. They will walk through the ArcSight ESM workflow, where security events are isolated, documented, escalated, and resolved. Through scenario-based examples they will discover how to tailor standard ArcSight ESM content to acquire, search, and correlate actionable event data, and how to perform remedial activities such as incident analysis, stakeholder notification, and reporting security conditions within the network environment.
By attending the ArcSight ESM - Administrator and Analyst workshop, participants will learn to:
- Make ArcSight ESM operational upon initial installation, creating user accounts and implementing built-in solutions content
- Implement Network and Asset Modeling facilities to enable site-specific business-oriented views within your ArcSight ESM environment
- Investigate, identify, analyze, and remediate exposed security issues using ArcSight ESM monitoring and detection features
- Use workflow management to provide real-time incident response and escalation tracking
- Modify and run standard reports to provide situational awareness and network status to enterprise stakeholders
- Establish ESM peering to perform distributed event search and content management across multiple ESM instances
- Computer desktop and network browser skills
- TCP/IP networking, file system and database concepts
- Enterprise security, event and log management experience is highly advantageous
- Monitor, remediate, and report on security incidents using ArcSight ESM facilities
- Use standard content to correlate, display and respond to identified issues in real time
- Design, deploy and maintain ArcSight network, asset and user modeling for your cyber-infrastructure