ArcSight ESM - Administrator and Analyst

( Duration: 3 Days )

The ArcSight ESM - Administrator and Analyst training course provides comprehensive details of the HP ArcSight Enterprise Security Manager (ESM) solution. Delegates will explore the ArcSight Console, ArcSight Command Center, and ArcSight Web user interfaces used to monitor security events, configure ESM, and manage users and ESM network intelligence resources. They will walk through the ArcSight ESM workflow, where security events are isolated, documented, escalated, and resolved. Through scenario-based examples they will discover how to tailor standard ArcSight ESM content to acquire, search, and correlate actionable event data, and perform remedial activities such as incident analysis, stakeholder notification, and reporting security conditions within the network environment.

By attending the ArcSight ESM - Administrator and Analyst workshop, participants will learn to:

  • Make ArcSight ESM operational upon initial installation, creating user accounts and implementing built-in solutions content
  • Implement Network and Asset Modeling facilities to enable site-specific business-oriented views within your ArcSight ESM environment
  • Investigate, identify, analyze, and remediate exposed security issues using ArcSight ESM monitoring and detection features
  • Use workflow management to provide real-time incident response and escalation tracking
  • Modify and run standard reports to provide situational awareness and network status to enterprise stakeholders
  • Establish ESM peering to perform distributed event search and content management across multiple ESM instances

  • Computer desktop and network browser skills
  • TCP/IP networking, file system and database concepts
  • Enterprise security, event and log management experience is highly advantageous

  • Monitor, remediate, and report on security incidents using ArcSight ESM facilities
  • Use standard content to correlate, display and respond to identified issues in real time
  • Design, deploy and maintain ArcSight network, asset and user modeling for your cyber-infrastructure



Introduction to ArcSight ESM

  • ArcSight ESM User Roles
  • ArcSight Components
  • ArcSight Resources
  • SSL Communication

ArcSight Event Schema and Life Cycle

  • Intro to Event Schema
  • Data Collection and Event Processing
  • Network Model Lookup and Priority
  • Correlation Evaluation
  • Monitoring and Investigating
  • Workflow
  • Incident Analysis and Reporting
  • Data Storage and Archive

ArcSight ESM Installation

  • Installing ArcSight ESM
  • System Content and Packages
  • Upgrading ArcSight ESM

ArcSight Network Model

  • Network Model Resources
  • Asset Model Resources
  • Network Model Wizard

ArcSight ESM Console

  • Installing and Configuring the Console
  • Navigating the Console
  • Reference Resources
  • Console Preferences

ArcSight ESM Command Center

  • Accessing the Command Center
  • Navigating the Command Center
  • Command Center Administrative Functions

ArcSight Web Interface

  • Accessing ArcSight Web
  • Navigating ArcSight Web

Introduction to Event Searches

  • Search Query Elements
  • Search Techniques
  • Search Tools
  • Search Results

Filters and Saved Searches

  • Search Filters
  • Saved Searches

Rules and Lists

  • Rules
  • Lists

Active Channels

  • Active Channels Components
  • Field Sets
  • Creating Active Channels and Filter Sets

Event Filters

  • Using Filters in ESM Resources
  • Applying Filters in Active Channels

Dashboards and Data Monitors

  • Data Monitors
  • Dashboards

Query Viewers

  • Accessing Query Viewers
  • Running Queries
  • Viewing Query Results

Workflow Cases

  • Introduction to Cases
  • Creating and Managing Cases


  • Running Reports
  • Scheduling Reports
  • Managing Reports

User Administration

  • Users and User Groups
  • Configuring Users and User Groups

User Notifications

  • Introduction to Notifications
  • Configuring Notifications
  • System Alerts and Wine Daemons

ArcSight Standard Content

  • Introduction to Peer Feature in ESM
  • Configuring Peers
  • Content Management and Synchronization

Use Case Resources

  • Use Cases
  • Privileged User Monitoring
  • Perimeter Monitoring

ArcSight Support Resources

  • HP ArcSight Support Resources
  • Management Components
  • Sending Support Information


Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.