The ArcSight ESM Security Analyst (AESA) training course provides delegates with the knowledge required to use the ArcSight Console to monitor security events. Using the ArcSight ESM workflow, they learn how to escalate security incidents for further analysis and remediation.
This course also provides them with the knowledge to build or use standard ArcSight ESM content to find and correlate event data, and to perform actions such as notifying stakeholders, analyzing event data graphically, and reporting on security incidents within their security environment.
By attending the ArcSight ESM Security Analyst (AESA) workshop, participants will learn to:
- Describe the ArcSight ESM product components that collect, process, model, prioritize, correlate, monitor, analyze, store, and archive enterprise-generated events
- Describe the ArcSight ESM event schema and how it normalizes base data into information for ArcSight aggregation and correlation, to be used in filters, rules, data monitors, and reporting
- Navigate the ArcSight ESM Console and web components to effectively correlate, investigate, analyze, and remediate both exposed and obscure threats, giving situational awareness and real-time incident response
Prerequisites: knowledge of
- Common security device functions, such as IDS/IPS, network- and host-based firewalls, etc.
- Common network device functions, such as routers, switches, hubs, etc.
- TCP/IP functions, such as CIDR blocks, subnets, addressing, communications, etc.
- Windows operating system tasks, such as installations, services, sharing, navigation, etc.
- Possible attack activities, such as scans, man-in-the-middle, sniffing, DoS, DDoS, etc., and possible abnormal activities, such as worms, Trojans, viruses, etc.
- SIEM terminology, such as threat, vulnerability, risk, asset, exposure, safeguards, etc.
- Security directives, such as confidentiality, integrity, and availability