Course details
ESM320 – ArcSight ESM Advanced Analyst with Certification Exam
EDU Trainings s.r.o.
Course description
This course provides you with the knowledge required to use advanced ArcSight ESM content to find and correlate event information, perform actions such as notifying stakeholders, graphically analyze event data, and report on security incidents. You will become familiar with, and/or reinforce your understanding of, the advanced correlation capabilities within ArcSight ESM that provide a significant edge in detecting active attacks.
This course covers ArcSight security problem-solving methodology using advanced ESM content to find, track, and remediate security incidents. During the training, you will use variables and correlation activities, customize report templates for dynamic content, and customize Dashboards to monitor incidents.
The last day of class offers a hands-on exam. Passing the exam awards you the Certified Expert badge.
Course contents
Module 1: Introduction to ESM Components
Describe each of the ESM system components
Module 2: New Features
Describe the new product features introduced in ESM versions 2.x and 7.3.0
Module 3: ESM Distributed Components
Recognize where ESM fits within the ArcSight Architecture
Define each of the ESM operation modes, Compact and Distributed, and the issues ESM Distributed Mode is meant to solve
Describe the ESM Distributed Mode components
Recognize the ArcSight Data Platform (ADP) and its components
Module 4: Installing ESM Distributed Mode
Plan System Hardware Requirements
Check Operating System Pre-Installation
Install
ESM Persistor Node
ESM Correlator Aggregator Node
Configure Integration of the Persistor Node
Add Correlator Aggregator Services
Configure
Message Bus Data and Control Instances from Persistor
Repository Instances from Persistor
Distributed Cache on Correlator Aggregators
Run Cert Admin Approveall
Start All Cluster Wide Services from Persistor Node
Module 5: Maintaining ESM Properties Files and Upgrades
Customize ArcSight ESM using Properties File
Prepare System for an Upgrade
Upgrade ESM
Upgrade the ESM Console
Module 6: Installing the ESM Console
Install the ESM Console
Customize the ESM Console
Describe Tools available in the ESM Console
Module 7: Installing SmartConnectors
Describe how Connectors collect, normalize, and cache events
Install and configure ArcSight SmartConnectors
Identify Connector Command Scripts
Describe how Connectors can be managed from an ESM Console, a Connector Appliance, or ArcSight Management Center
Module 8: Managing the Network Model
List Network Model resources
Describe Asset Model resources
Add the following modelling resources:
Assets
Asset Ranges
Zones
Network and attach it to a connector
Import Zone and Asset information with the Network Model wizard
Explain the use of the Asset Import Connector
Module 9: Configuring SmartConnector Destinations
Get SmartConnector Status
Set SmartConnector Flow-Control
Use SmartConnector Administrative Dashboards
Configure SmartConnectors for
Failover Destination
Dual Destinations
Module 10: Installing the ESM Super and Syslog Connectors
Install and configure a Forwarding Connector
Install and configure a Syslog connector
Module 11: SmartConnectors Configurations and Advanced Features
Configure SmartConnectors using advanced features such as turbo mode, map files, event filtering, network options and event aggregation
Construct advanced configuration settings for optimal performance and data enrichment
Module 12: Command Center
Log onto the ArcSight Command Center
Identify functions and navigate the User Interface
Use the ArcSight Command Center Help Facility
Configure
Authentication
Content
Storage
Appliances
Identify stock content dashboards
Module 13: ESM Backup and Restore
Restore the ESM Manager’s configurations
Back up and restore ESM
Describe CORR-E Daily Job Archiving
Module 14: Certificate Management
Describe uses of SSL technology in ArcSight ESM
Describe SSL setup options
keytool/keytoolgui
certadmin
Identify the steps to deploy:
Self-signed Certificates
Approve/revoke distributed mode Certificates
CA (Certificate Authority)-signed Certificates
Target audience
This course is intended for analysts responsible for:
Defining their organization’s security objectives
Building or using advanced content to correlate, view and respond to those security objectives.
Certificate
On request.