EncartaLabs

ArcSight Logger Search and Reporting

( Duration: 1 Day )

The ArcSight Logger Search and Reporting training course provides participants with task-focused training to quickly configure and use Logger's event search and reporting capabilities.

This course includes hands-on exercises on common functionality and procedures to take advantage of built-in product content as well as custom tailoring techniques to fulfill event search and reporting demands in enterprise security and operations log management environments.

By attending the ArcSight Logger Search and Reporting workshop, participants will learn to:

  • Explain and implement event indexing and use the Logger search builder to access field-based, full-text and regex-based event search facilities
  • Access and customize search field set display controls and search constraint criteria to refine and tune event search results
  • Use the Logger search builder to access unified event search facilities, save search queries as filters, saved searches, scheduled alerts, shared or search group filters
  • Access reporting resources to use pre-built reports, copy and customize reports, create report dashboards, and manage report groups and categories to control distribution and access to report objects and published information
  • Run reports as scheduled jobs, ad hoc, or as a background task, publish and archive results according to given distribution and retention criteria

Prerequisites:

  • Computer desktop, browser, and file system navigation skills
  • Basic understanding of TCP/IP networking and database concepts
  • Enterprise security experience [highly advantageous]

This course is intended for team members of security operations, network operations, as well as personnel responsible for auditing and compliance.

COURSE AGENDA

1. Introduction to Logger

  • Basic features and functionality
  • Logger form factors, models, speeds and feeds
  • Deployment scenarios, use cases
  • Basic architecture and data flow

2. Working with Search Queries

  • Query Expressions (Filters)
  • Time Range
  • Field Sets
  • Constraints
  • Running, Refining and Rerunning Searches

3. Reporting Functions

  • Types of Reports
  • Viewing Reports
  • Report Task Options
  • Report Administration

4. Generating Reports

  • Search Queries vs. Report Queries
  • Creating and Editing Queries for Reports
  • Using the SQL Editor
  • Report Query Field Attributes and Properties
  • Parameters and Parameter Groups

5. Searching and Indexing

  • Search UI
  • Unified Search and Pipeline Operator Facilities
  • Charts and Tables
  • Wild Cards
  • Auto-suggest
  • Indexing

6. Using Filters and Saved Searches

  • Saving and Retrieving a Query
  • Types of Filters
  • Managing Filters
  • Creating Saved Search Jobs
  • Saving and Exporting Search Results
  • Searching from the ESM Console

7. Designing Reports

  • Copying and Editing Reports
  • Using the Ad hoc Report Designer
  • Editing a report from its results display page
  • Customizing a report layout using the Ad hoc
  • Template Configuration

Encarta Labs Advantage

  • One-stop corporate training solution provider for over 4,000 modules on a variety of subjects
  • All courses are delivered by industry veterans
  • Get jump-started from newbie to production-ready in a matter of a few days
  • Trained more than 50,000 corporate executives across the globe
  • All our trainings are conducted in workshop mode with a strong focus on hands-on sessions

View our other course offerings by visiting http://encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.