ArcSight Express 4.0 with CORR Engine Administration and Operations 2017-10-24T15:23:53+00:00

 


 

The trainings are held in German with English course materials. You are welcome to request dates from us at info(at)knowledgegap.de, or request your preferred date right here.

Description:

HP ArcSight Express 4.0 with CORR Engine Administration and Operations provides you with comprehensive training for ArcSight Express. This course includes hands-on training exercises on packaged content and functionality for you to bring the ArcSight Express appliance into production environments.

Objectives

At the end of this course, you will be able to:

  • Use ArcSight Express built-in content, such as standard Channels, Filters, Rules, Active Lists and Reports, to make ArcSight Express ready to use upon initial installation
  • Configure Network and Asset Modeling to build custom business-oriented views within the ArcSight Express environment
  • Utilize ArcSight Express monitoring and detection features to isolate, investigate, analyze, and remediate exposed security issues to provide situational awareness and real-time incident response
  • Configure ArcSight settings, system settings, and user resources appropriately
  • Create custom content
  • Access reporting resources to use pre-built reports, copy and customize reports, create report dashboards, and manage report groups and categories to control distribution and access to report objects and published information

Audience

This course is intended for all users of the ArcSight Express appliance, including members of security operations, network operations, as well as those responsible for auditing and compliance. It is designed for users who need to:

  • Administer the ArcSight Express appliance
  • Perform IT integration tasks for the ArcSight Express appliance
  • Utilize the Search and Report Query facilities

Prerequisites

To be successful in this course, you should have:

  • Computer desktop, browser, and file system navigation skills
  • Basic understanding of TCP/IP networking and database concepts
  • Enterprise security experience [highly advantageous]

Topics

Module 1 – Introduction to ArcSight Express

  • ArcSight Roles
  • ArcSight Express Components
  • ArcSight ESM Resources
  • SSL Communications
  • Product Documentation

Module 2 – ArcSight Express Use Cases

  • Use Case Introduction and Overview
  • Workflows
  • Privileged User Monitoring Use Case
  • Perimeter Monitoring Use Case

Module 3 – Lifecycle of an Event through ArcSight ESM

  • Data Collection and Event Processing
  • Priority Evaluation and Network Modeling
  • Correlation Evaluation
  • Monitoring, Investigation and Workflow
  • Incident Analysis and Reporting

Module 4 – Introduction to the ArcSight Event Schema

  • Event Schema
  • Schema Group Definitions
  • ArcSight Network Model
  • Asset Modeling

Module 5 – ArcSight Web Management Console Overview

  • User Management
  • CORR-Engine (Storage) Management
  • Registered Connectors
  • Configuration and License Management
  • Authentication Options
  • Personal Settings

Module 6 – Using the ArcSight ESM Console

  • ESM Console Installation
  • ESM Console Usage
  • Post-installation Modifications and Preferences

Module 7 – Active Channels

  • Active Channel Features
  • Using Field Sets

Module 8 – Filters

  • Filter Types
  • Applying Filters within ESM Manager
  • Applying Filters in Connectors
  • Applying Filters in Active Channels
  • Filter Editor
  • Common Conditions Editor
  • Debugging Filters

Module 9 – Cases – Workflow

  • Cases Overview
  • Using the Cases Page

Module 10 – Dashboards and Data Monitors

  • Dashboard Resources
  • About Data Monitors
  • Dashboard Event Monitoring

Module 11 – ESM Rules and Lists

  • Using Active Lists
  • Rule Types
  • Rule Aggregation
  • Rule Triggers and Thresholds
  • Actions and List Tuning
  • Correlation Options
  • Session Lists

Module 12 – Running Reports

  • Report Runtime Definitions
  • Running and Archiving Reports
  • Managing Archived Reports
  • Focused Reports
  • Report Scheduling

Module 13 – Report Customization and Authoring

  • Report Definitions
  • Running Reports
  • Report Types
  • Report Tools

Module 14 – ArcSight Web Overview

  • Home Page
  • Web Dashboards
  • Web Reports
  • Web Active Channels
  • Web Cases
  • Notifications
  • ArcSight Web Online Help

Module 15 – Network Modeling Wizard

  • CSV Column Headers
  • Zones CSV File
  • Asset CSV File
  • Asset Range CSV File
  • DHCP/VPN Considerations

Module 16 – Administration of Users

  • Creating Users
  • Features of User Groups
  • Administration of ACLs
  • ArcSight Password Policy

Module 17 – Notification Administration

  • Notification Process and Components
  • Notification Templates
  • Configuring Notifications
  • ArcSight Whine Daemon

Module 18 – Use Case Wrap-Up

  • Notification Process and Components
  • Privileged User Monitoring Use Case
