EncartaLabs

ArcSight ESM Advanced Analyst - ASE

(Duration: 5 Days)

The ArcSight ESM Advanced Analyst - ASE training course provides delegates with the knowledge required to use advanced HP ArcSight ESM content to find and correlate event information, perform actions such as notifying stakeholders, analyze event data graphically, and report on security incidents. Delegates will become familiar with, or reinforce their understanding of, the advanced correlation capabilities within ArcSight ESM that provide a significant edge in detecting active attacks. This course covers the HP ArcSight security problem-solving methodology, using advanced HP ArcSight ESM content to find, track and remediate security incidents. During the training, delegates will learn to use variables and correlation activities, customize report templates for dynamic content, and customize notification templates to send the appropriate notification based upon specific attributes of an event.

By attending the ArcSight ESM Advanced Analyst - ASE workshop, participants will learn to:

  • Navigate HP ArcSight ESM Console and Command Center to correlate, investigate, analyze, and remediate both exposed and obscure threats
  • Construct HP ArcSight Variables to provide advanced analysis of the event stream
  • Develop HP ArcSight Lists and Rules to allow advanced correlation activities
  • Optimize event-based data monitors to provide real-time viewing of event traffic and anomalies
  • Design new report templates and create functional reports
  • Find events through the search tools

Knowledge of:

  • HP ArcSight ESMc at Admin & Analyst levels
  • Common security device functions, such as IDS/IPS, Network and Host-based firewalls, etc.
  • Common network device functions, such as routers, switches, hubs, etc.
  • TCP/IP functions, such as CIDR blocks, subnets, addressing, communications, etc.
  • Windows operating system tasks, such as installations, services, sharing, navigation, etc.
  • Possible attack activities, such as scans, man-in-the-middle, sniffing, DoS, DDoS, etc., and possible abnormal activities, such as worms, Trojans, viruses, etc.
  • SIEM terminology, such as threat, vulnerability, risk, asset, exposure, safeguards, etc.
  • Security directives, such as Confidentiality, Integrity, Availability.

  • Define their organization’s security objectives
  • Build or use advanced content to correlate, view and respond to those security objectives

COURSE AGENDA

1. ArcSight ESM Overview

  • ESM Components
  • ArcSight Event Schema
  • Normalization Process
  • Seven Phases of Event Lifecycle

2. ArcSight Console

  • Toolbar Commands
  • Navigator Panel
  • Viewer Panel Views
  • ESM Console Help

3. ESM Active Channels

  • Active Channels
  • Field Sets

4. ESM Filters

  • Working with Filters

5. Data Monitors and Dashboards

  • Event Monitoring

6. Variable Customization

  • Benefits of Using Variables
  • Creating Variables
  • Promoting Local Variables
  • Use Cases with Variables

7. ESM Lists

  • Active and Session Lists

8. ESM Rules

  • Rules Overview
  • Conditions, aggregation, actions, and triggers
  • Lightweight and Pre-persistence Rules

9. Query Viewers Authoring

  • Query Viewer Functions
  • Building a Trend

10. ESM Reports

  • Reports Overview
  • Report Workflow
  • Defining Data Sources
  • Best Practices Using Trends
  • Creating a Report
  • Special Types of Reports

11. Unified Event Search Tools

  • ArcSight Command Center Search Interface
  • Event Search Input
  • Search Results Display
  • Search Facilities

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 4,000 Modules on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of a few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting http://encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
