EncartaLabs

ArcSight ESM Operations

( Duration: 2 Days )

By attending the ArcSight ESM Operations workshop, participants will learn to:

  • Use the pre-configured capabilities built into ArcSight ESM to identify and investigate events that appear as potential security risks
  • Document the results of your investigation to enable others to pursue further analysis
  • Use a predefined workflow to notify analysts and/or escalate investigations
  • Print basic reports of system health and incident investigation
  • Use either the ArcSight Console or the ArcSight Web user interface

Knowledge of:

  • Computer desktop, browser, and file system navigation skills
  • Basic understanding of TCP/IP networking and database concepts
  • Enterprise security experience [highly advantageous]
  • Successfully completed Introduction to ArcSight Event Management

This course is intended for operators who use ArcSight ESM to monitor daily security events and investigate events of interest to a level where they are either dismissed or escalated to an Analyst or Administrator.

COURSE AGENDA

1. Introduction

2. Navigating the Console

  • Menus and Toolbars
  • Using Menus
  • Using Context (Right-Click) Menus
  • Using the Toolbars

3. Filtering Events

  • What are Filters?
  • Using Inline Filters
  • Using Predefined Filters
  • Filtering Using the Radar Display

4. Analyzing Potential Threats

  • Knowledge Base Articles
  • Reference Pages
  • Active Lists
  • Investigative Tools
  • Query Viewer

5. Console Views

  • ArcSight ESM Console Overview
  • Relationship of the Console Panels
  • Using the Navigator Panel
  • Using the Viewer Panel
  • Using the Inspect/Edit Panel
  • Refining Your Views
  • Using Field Sets

6. Working with Resources

  • Standard ArcSight ESM Content
  • About Resources
  • Resource Group Descriptions

7. Examining Events

  • Examining Events from the Viewer Grid
  • Investigating Event Details
  • Modifying Views
  • Broadening Your Investigation
  • Monitoring Correlation Events

8. Documenting Events

  • Workflow Stages in ArcSight ESM
  • Cases and Annotations
  • Using Annotations
  • Using Cases

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 4,000 Modules on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of a few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting http://encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
