ArcSight ESM 6.5 Advanced Analyst – ASE 2017-10-24T14:57:11+00:00

 


ArcSight ESM 6.5 Advanced Analyst – ASE

The trainings are held in German with English course materials. You are welcome to request further dates from us at: info(at)knowledgegap.de

Seminar list

Training                       | Date              | Time         | Language / Location | Price (excl. VAT)
ESM 6.5 Advanced Analyst – ASE | 24.04.-28.04.2017 | 9:00 – 17:00 | German / Munich     | 4,500 €
ESM 6.5 Advanced Analyst – ASE | 06.11.-10.11.2017 | 9:00 – 17:00 | German / Munich     | 4,500 €

Description

This course provides the knowledge required to use advanced HP ArcSight ESM content to find and correlate event information, perform actions such as notifying stakeholders, analyze event data graphically, and report on security incidents within your security environment. You will build or reinforce your understanding of the advanced correlation capabilities within ArcSight ESM that provide a significant edge in detecting active attacks. The course covers the HP ArcSight security problem-solving methodology, using advanced HP ArcSight ESM content to find, track, and remediate security incidents. During the training you will learn to use variables and correlation activities, customize report templates for dynamic content, and customize notification templates so that the appropriate notification is sent based on specific attributes of an event.


Audience

This course is intended for operators/analysts who need to:

  • Define their organization’s security objectives

  • Build or use advanced content to correlate, view and respond to those security objectives

Prerequisites:

To be successful in this course, you must have:

Completed the HP ArcSight ESM 6.5c SP1 Admin & Analyst training

Knowledge of:

  • Common security device functions, such as IDS/IPS, Network and Host-based firewalls, etc.
  • Common network device functions, such as routers, switches, hubs, etc.
  • TCP/IP functions, such as CIDR blocks, subnets, addressing, communications, etc.
  • Windows operating system tasks, such as installations, services, sharing, navigation, etc.
  • Possible attack activities, such as scans, man-in-the-middle, sniffing, DoS, DDoS, etc., and possible abnormal activities, such as worms, Trojans, viruses, etc.
  • SIEM terminology, such as threat, vulnerability, risk, asset, exposure, safeguards, etc.
  • Security directives, such as Confidentiality, Integrity, and Availability.

Certifications and Related Examinations

  • ArcSight ESM 6.5c SP1 Advanced Administrator


Course Objectives

Upon completion of this course, students will be able to:

  • Navigate HP ArcSight ESM Console and Command Center to correlate, investigate, analyze, and remediate both exposed and obscure threats
  • Construct HP ArcSight Variables to provide advanced analysis of the event stream
  • Develop HP ArcSight Lists and Rules to allow advanced correlation activities
  • Optimize event-based data monitors to provide real time viewing of event traffic and anomalies
  • Design new report templates and create functional reports
  • Find events through the search tools

Detailed course outline – Topics Covered

Module 1 – ArcSight ESM Overview

  • ESM Components
  • ArcSight Event Schema
  • Normalization Process
  • Seven Phases of Event Lifecycle

Module 2 – ArcSight Console

  • Toolbar Commands
  • Navigator Panel
  • Viewer Panel Views
  • ESM Console Help

Module 3 – ESM Active Channels

  • Active Channels
  • Field Sets

Module 4 – ESM Filters

  • Working with Filters

Module 5 – Data Monitors and Dashboards

  • Event Monitoring

Module 6 – Variable Customization

  • Benefits of Using Variables
  • Creating Variables
  • Promoting Local Variables
  • Use Cases with Variables

Module 7 – ESM Lists

  • Active and Session Lists

Module 8 – ESM Rules

  • Rules Overview
  • Conditions, aggregation, actions, and triggers
  • Lightweight and Pre-persistence Rules

Module 9 – Query Viewers Authoring

  • Query Viewer Functions
  • Building a Trend

Module 10 – ESM Reports

  • Reports Overview
  • Report Workflow
  • Defining Data Sources
  • Best Practices Using Trends
  • Creating a Report
  • Special Types of Reports

Module 11 – Unified Event Search Tools

  • ArcSight Command Center Search Interface
  • Event Search Input
  • Search Results Display
  • Search Facilities

Registration for the training ArcSight ESM 6.5 Advanced Analyst – ASE

