EncartaLabs

ArcSight ESM - Administrator and Analyst

( Duration: 3 Days )

The ArcSight ESM - Administrator and Analyst training course provides comprehensive details of the HP ArcSight Enterprise Security Manager (ESM) solution. Delegates will explore the ArcSight Console, ArcSight Command Center, and ArcSight Web user interfaces used to monitor security events, configure ESM, and manage users and ESM network intelligence resources. They will walk through the ArcSight ESM workflow, where security events are isolated, documented, escalated, and resolved. Through scenario-based examples they will discover how to tailor standard ArcSight ESM content to acquire, search, and correlate actionable event data; and perform remedial activities such as incident analysis, stakeholder notification, and reporting security conditions within the network environment.

By attending the ArcSight ESM - Administrator and Analyst workshop, participants will learn to:

  • Make ArcSight ESM operational upon initial installation, creating user accounts and implementing built-in solutions content
  • Implement Network and Asset Modeling facilities to enable site-specific business-oriented views within your ArcSight ESM environment
  • Investigate, identify, analyze, and remediate exposed security issues using ArcSight ESM monitoring and detection features
  • Use workflow management to provide real-time incident response and escalation tracking
  • Modify and run standard reports to provide situational awareness and network status to enterprise stakeholders
  • Establish ESM peering to perform distributed event search and content management across multiple ESM instances

  • Computer desktop and network browser skills
  • TCP/IP networking, file system and database concepts
  • Enterprise security, event and log management experience is highly advantageous

  • Monitor, remediate, and report on security incidents using ArcSight ESM facilities
  • Use standard content to correlate, display and respond to identified issues in real time
  • Design, deploy and maintain ArcSight network, asset and user modeling for your cyber-infrastructure

COURSE AGENDA

1. Introduction to ArcSight ESM

  • ArcSight ESM User Roles
  • ArcSight Components
  • ArcSight Resources
  • SSL Communication

2. ArcSight Event Schema and Life Cycle

  • Intro to Event Schema
  • Data Collection and Event Processing
  • Network Model Lookup and Priority
  • Correlation Evaluation
  • Monitoring and Investigating
  • Workflow
  • Incident Analysis and Reporting
  • Data Storage and Archive

3. ArcSight ESM Installation

  • Installing ArcSight ESM
  • System Content and Packages
  • Upgrading ArcSight ESM

4. ArcSight Network Model

  • Network Model Resources
  • Asset Model Resources
  • Network Model Wizard

5. ArcSight ESM Console

  • Installing and Configuring the Console
  • Navigating the Console
  • Reference Resources
  • Console Preferences

6. ArcSight ESM Command Center

  • Accessing the Command Center
  • Navigating the Command Center
  • Command Center Administrative Functions

7. ArcSight Web Interface

  • Accessing ArcSight Web
  • Navigating ArcSight Web

8. Introduction to Event Searches

  • Search Query Elements
  • Search Techniques
  • Search Tools
  • Search Results

9. Filters and Saved Searches

  • Search Filters
  • Saved Searches

10. Rules and Lists

  • Rules
  • Lists

11. Active Channels

  • Active Channels Components
  • Field Sets
  • Creating Active Channels and Filter Sets

12. Event Filters

  • Using Filters in ESM Resources
  • Applying Filters in Active Channels

13. Dashboards and Data Monitors

  • Data Monitors
  • Dashboards

14. Query Viewers

  • Accessing Query Viewers
  • Running Queries
  • Viewing Query Results

15. Workflow Cases

  • Introduction to Cases
  • Creating and Managing Cases

16. Reports

  • Running Reports
  • Scheduling Reports
  • Managing Reports

17. User Administration

  • Users and User Groups
  • Configuring Users and User Groups

18. User Notifications

  • Introduction to Notifications
  • Configuring Notifications
  • System Alerts and Wine Daemons

19. ArcSight Standard Content

  • Introduction to Peer Feature in ESM
  • Configuring Peers
  • Content Management and Synchronization

20. Use Case Resources

  • Use Cases
  • Privileged User Monitoring
  • Perimeter Monitoring

21. ArcSight Support Resources

  • HP ArcSight Support Resources
  • Management Components
  • Sending Support Information

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 4,000 Modules on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of a few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting http://encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
