EncartaLabs

ArcSight ESM Security Analyst - AESA

(Duration: 5 Days)

The ArcSight ESM Security Analyst - AESA training course provides delegates with the knowledge required to use the ArcSight Console to monitor security events. Using ArcSight ESM workflow, they learn how to escalate security incidents for further analysis and remediation.

This course also provides them with the knowledge to build or use standard ArcSight ESM content to find and correlate event data, and perform actions such as notifying stakeholders, analyzing event data graphically and reporting on security incidents within their security environment.

By attending the ArcSight ESM Security Analyst - AESA workshop, participants will learn to:

  • Describe ArcSight ESM Product Components which collect, process, model, prioritize, correlate, monitor, analyze, store, and archive enterprise-generated events
  • Describe the ArcSight ESM Event Schema and how it normalizes base data into information for ArcSight Aggregation and Correlation to be used in Filters, Rules, Data Monitors, and Reporting
  • Navigate the ArcSight ESM Console and Web Components to effectively correlate, investigate, analyze, and remediate both exposed and obscure threats, providing situational awareness and real-time incident response

Knowledge of:

  • Common security device functions, such as IDS/IPS, Network and Host-based firewalls, etc.
  • Common network device functions, such as routers, switches, hubs, etc.
  • TCP/IP functions, such as CIDR blocks, subnets, addressing, communications, etc.
  • Windows operating system tasks, such as installations, services, sharing, navigation, etc.
  • Possible attack activities, such as scans, man-in-the-middle, sniffing, DoS, DDoS, etc., and possible abnormal activities, such as worms, Trojans, viruses, etc.
  • SIEM terminology, such as threat, vulnerability, risk, asset, exposure, safeguards, etc.
  • Security directives, such as confidentiality, integrity, and availability

COURSE AGENDA

1. ArcSight ESM: Overview

  • ArcSight ESM Roles
  • ArcSight ESM Components
  • ArcSight ESM Resources
  • SSL Communications

2. Introduction to ArcSight ESM Event Lifecycle

  • Event Lifecycle Overview
  • In-depth Explanation of Phase 1
  • In-depth Explanation of Phase 2
  • In-depth Explanation of Phase 3
  • In-depth Explanation of Phase 4
  • In-depth Explanation of Phase 5
  • In-depth Explanation of Phase 6

3. Using the ESM Console

  • Console Overview
  • Navigator Panel
  • Viewer/Grid Panel
  • Inspect/Edit Panel
  • Console Help

4. ArcSight ESM: Use Cases

  • Case Introduction and Overview
  • Workflows
  • Privileged User Monitoring Use Case
  • Perimeter Monitoring Use Case

5. Introduction to ArcSight ESM Event Schema

  • The Event Schema
  • Schema Definitions

6. Working with Events: Active Channels

  • Active Channel Components
  • Field Sets
  • Active Channels

7. Working with Events: Variables

  • Events: Variables
  • Variables with ESM Resources
  • Local Variables to Global Variables
  • Global Variables Among Multiple Resources

Encarta Labs Advantage

  • One-stop corporate training solution provider for over 4,000 modules on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production-ready in a matter of a few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting http://encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
