ArcSight ESM 6.5 Administrator and Analyst – ATP 2017-10-24T14:53:53+00:00

 


The trainings are held in German with English course materials. You are welcome to request additional dates from us at: info(at)knowledgegap.de

Seminar list

| Training | Date | Time | Language / Location | Price (plus VAT) |
|---|---|---|---|---|
| ESM 6.5 Administrator and Analyst – ATP | 13.03.-16.03.2017 | 9:00 – 17:00 | German / München | 3.600,- € |
| ESM 6.5 Administrator and Analyst – ATP | 25.09.-28.09.2017 | 9:00 – 17:00 | German / Frankfurt | 3.600,- € |


Description

HP ArcSight ESM 6.5 Administrator and Analyst training is a hands-on, four-day instructor-led course that covers the facilities of the Enterprise Security Manager (ESM) product while learners perform related tasks on a live ArcSight ESM. Learners use the ArcSight Console, ArcSight Command Center, and ArcSight Web user interfaces to monitor security events, configure ESM, and manage users and ESM network intelligence resources. Using ArcSight ESM workflow, participants isolate, document, escalate, and resolve security incidents. The course shows how to tailor standard ArcSight ESM content to acquire, search, and correlate actionable event data, and how to perform remedial activities such as incident analysis, stakeholder notification, and reporting on security conditions within your network environment.

Audience

This course is intended for any system administrator or analyst who needs to:

  • Monitor, remediate, and report on security incidents using ArcSight ESM facilities
  • Use standard content to correlate, display and respond to identified issues in real time
  • Design, deploy and maintain ArcSight network, asset and user modeling for your cyber-infrastructure

Prerequisites

Recommended:

  • Computer desktop and network browser skills
  • TCP/IP networking, file system and database concepts
  • Enterprise security, event and log management experience is highly advantageous

Certifications and Related Examinations

  • ArcSight Security Solutions ATP


Course Objectives

Upon completion of this course, students will be able to:

  • Make ArcSight ESM operational upon initial installation, creating user accounts and implementing built-in solutions content
  • Implement Network and Asset Modeling facilities to enable site-specific business-oriented views within your ArcSight ESM environment
  • Investigate, identify, analyze, and remediate exposed security issues using ArcSight ESM monitoring and detection features
  • Use workflow management to provide real-time incident response and escalation tracking
  • Modify and run standard reports to provide situational awareness and network status to enterprise stakeholders
  • Establish ESM peering to perform distributed event search and content management across multiple ESM instances

Detailed course outline – Topics Covered

Module 1 – Introduction to ArcSight ESM

  • User roles
  • ESM components, resources, and communications

Module 2 – ArcSight Event Schema and Lifecycle

  • Event schema groups
  • Event lifecycle phases

Module 3 – ESM Installation and Configuration

  • Requirements and system preparations
  • First Boot and Network Model wizards
  • Enable bundled Content

Module 4 – ESM Console

  • Installing, logging on, and navigation

Module 5 – ArcSight Command Center

  • Utilizing the ArcSight Command Center

Module 6 – ArcSight Web Interface

  • Access the content and functionality available

Module 7 – Active Channels, Filters and Field Sets

  • View live events
  • Create an active channel and add field sets


Module 8 – Rules and Lists

  • Create and validate rules and lists


Module 9 – Dashboards and Data Monitors

  • Event monitoring using Dashboards


Module 10 – Query Viewers

  • Overview of Query Viewers


Module 11 – ESM Reports

  • Defining, running and archiving reports

Module 12 – Workflow Cases

  • Define, access, and manage cases

Module 13 – User Administration

  • Administration of users

Module 14 – User Notifications

  • Functions, templates, and configuring
  • ArcSight Whine Daemon


Module 15 – Use Case Resources

  • Create or modify resource content to fulfill solution objectives

Module 16 – ArcSight Content Management

  • Features, requirements, and configuration
  • Configuring ArcSight host Peers


Module 17 – Event Search

  • Search interface, expressions, and filters
  • Search results display

Module 18 – HP ArcSight Support Resources

  • Access resources
  • Locate component logs to obtain status
  • Perform support activities
