ArcSight Logger + 6.0 Administration and Operations – ASE (Instructor Led) 2017-10-24T15:20:10+00:00

 


 

The training courses are held in German with English course materials. You are welcome to request dates from us at info(at)knowledgegap.de, or to request your preferred date directly.

Description

ArcSight Logger Administration and Operations provides you with comprehensive training to quickly configure your Logger Appliance or Downloadable Software Logger and bring it into an operational state. Learning content is specifically intended for team members of security operations, network operations, auditing and compliance.

This course includes hands-on training exercises on common functionality and procedures to tailor and maintain ArcSight Logger. Leverage built-in product content out of the box, or optimize it further, to fulfill event search and reporting demands in enterprise security and operations log management environments.

Objectives

At the end of this course, you will be able to:

  • Initialize Logger Appliance or install Software Logger, establish network connection, implement initial Logger storage, retention policy, and event indexing.
  • Configure event source devices/device groups, event Receivers, Forwarders, Destinations, supporting security authentication settings, and optional connector management facilities.
  • Establish and manage Logger user/group controls, specify global login, password, resource authorization and authentication settings, alerts and notification policies.
  • Use the Logger search builder to access unified event search facilities, save search queries as filters, saved searches, scheduled alerts, shared or search group filters.
  • Access reporting resources to view pre-built reports, copy and customize reports, and manage report groups and categories to control distribution and access to report information.

Audience

This is a base-level course that provides specific content to perform system administrative and IT integration initial setup tasks for ArcSight Logger Appliance or Software form factors. Additional end-user topics are intended for team members of security operations, network operations, as well as personnel responsible for security auditing and compliance.

Prerequisites

To be successful in this course, you will have:

  • Computer desktop, browser, and file system navigation skills
  • TCP/IP networking, database concepts and enterprise security experience are highly advantageous

Topics

Module 1 – Introduction to Logger

  • Basic features and functionality
  • Logger form factors, models, speeds and feeds
  • Deployment scenarios, use cases
  • Basic architecture and data flow
  • Hardware and software specifications


Module 2 – Installing and Initializing Logger Appliance

  • Logger Installation and Initialization
  • Logging in to Logger
  • Setting up initial network connections (NICs)


Module 3 – Installing and Initializing Software Logger

  • Install and configure Software Logger
  • Perform Software Logger updates
  • Uninstall Software Logger


Module 4 – Navigating Logger

  • Logger gauges, menu bar, help/options
  • Navigation and window controls
  • Structure of subtabs, menus, options, etc.


Module 5 – Logger Configuration Settings

  • Devices
  • Event Archives
  • Storage
  • Event Input/Output
  • Alerts
  • Scheduled Tasks
  • Filters
  • Saved Search
  • Search Optimization
  • Peer Loggers
  • Configuration Backup
  • System Maintenance
  • Retrieve Logs
  • Content Import


Module 6 – Configuring Event Input and Output

  • Receivers – CEF and raw event data capabilities
  • Forwarders and ESM Destinations
  • Devices and Device Groups
  • Event I/O SSL Certificates


Module 7 – System Admin Settings

  • System sub-menu
  • Logs sub-menu
  • Storage sub-menu
  • Security sub-menu


Module 8 – Managing Users and Groups

  • User Group Privileges
  • Managing User Groups
  • Managing Users
  • Managing User Authentication


Module 9 – Event Search

  • Search UI
  • Unified Search and Pipeline Operator Facilities
  • Wild Cards
  • Auto-suggest
  • Indexing


Module 10 – Search Tools

  • Query Expressions (Filters)
  • Time Ranges and Field Sets
  • Creating Queries using Search Builder
  • Pipeline Operators
  • Refining and Rerunning Searches
  • Live Event Viewer


Module 11 – Filters, Saved Searches, and Scheduled Alerts

  • Saving and Retrieving a Query
  • Types of Filters
  • Managing Filters
  • Creating Saved Search and Scheduled Alert Jobs
  • Saving and Exporting Search Results
  • Searching from the ESM Console


Module 12 – Logger Reports

  • Types of Reports
  • Viewing Reports
  • Report Task Options
  • Scheduling Report Jobs
  • Report Administration


Module 13 – Designing Reports

  • Copying and Editing Reports
  • Using the Adhoc Report Designer
  • Editing a report from its results display page
  • Customizing a report layout using the Adhoc Template Configuration


Module 14 – Generating Reports

  • Search Queries vs. Report Queries
  • Creating and Editing Queries for Reports
  • Using the SQL Editor
  • Report Query Field Attributes and Properties
  • Parameters and Parameter Groups


Module 15 – Using and Designing Report Dashboards

  • About Dashboards
  • Dashboards and Report Home Pages
  • Creating a Report Dashboard


Module 16 – Alerts and Notifications

  • Configuring Notification Destinations
  • Configuring Realtime Alerts and Notifications
  • Viewing Alerts
  • Exporting Alerts


Module 17 – Import, Export, Backup, and Restore

  • Import and Export Logger alerts and queries
  • Backup and Restore Logger reports and configuration
  • Archiving Events
  • Retrieving Audit and Error Logs
