By attending ArcSight ESM Operations workshop, Participants will learn to:
- Use the pre-configured capabilities built into ArcSight ESM, identify and investigate events that appear as potential security risks
- Document the results of your investigation to enable others to pursue further analysis
- Use a predefined workflow, notify analysts and/or escalate investigations
- Print basic reports of system health and incident investigation
- Use either the ArcSight Console or the ArcSight Web user interface
Knowledge of:
- Computer desktop, browser, and file system navigation skills
- Basic understanding of TCP/IP networking and database concepts
- Enterprise security experience [highly advantageous]
- Successfully completed Introduction to ArcSight Event Management
This course is intended for operators, who use ArcSight ESM to monitor daily security events and investigate events of interest to a level, where they are either dismissed or escalated to an Analyst or Administrator.