Detail kurzu

ESM320 – ArcSight ESM Advanced Analyst with Certification Exam

EDU Trainings s.r.o.

Popis kurzu

This course provides you with the knowledge required to use advanced ArcSight ESM content to find and correlate event information, perform actions such as notifying stakeholders, graphically analyze event data, and report on security incidents. You will familiarize and/or reinforce your understanding of the advanced correlation capabilities within ArcSight ESM that provide a significant edge in detecting active attacks.
This course covers ArcSight security problem solving methodology using advanced ESM content to find, track, and re-mediate security incidents. During the training, you will use variables and correlation activities, customize report templates for dynamic content, and customize Dashboards to monitor incidents.
The last day of class offers a hands-on exam. Passing the exam awards you with Certified Expert badge..

Obsah kurzu

Module 1: Introduction to ESM Components

Describe each of the ESM system components

Module 2: New Features

Describe the new product features introduced in ESM versions 2.x and 7.3.0

Module 3: ESM Distributed Components

Recognize where ESM fits within the ArcSight Architecture
Define each ESM operation modes,Compact and Distributed,and the issues ESM Distributed Mode comes to solve
Describe the ESM Distributed Mode components
Recognize the ArcSight Data Platform (ADP) and its components

Module 4: Installing ESM Distributed Mode

Plan System Hardware Requirements
Check Operating System Pre-Installation
Install

ESM Persistor Node
ESM Correlator Aggregator Node


Configure Integration of the Persistor Node
Add Correlator Aggregator Services
Configure

Message Bus Data and Control Instances from Persistor
Repository Instances from Persistor
Distributed Cache on Correlator Aggregators


Run Cert Admin Approveall
Start All Cluster Wide Services from Persistor Node

Module 5: Maintaining ESM Properties Files and Upgrades

Customize ArcSight ESM using Properties File
Prepare System for an Upgrade
Upgrade ESM
Upgrade the ESM Console

Module 6: Installing the ESM Console

Install the ESM Console
Customize the ESM Console
Describe Tools available in the ESM Console

Module 7: Installing SmartConnectors

Describe how Connectors collect,normalize,and cache events
Install and configure ArcSight SmartConnectors
Identify Connector Command Scripts
Describe how Connectors can be managed from an ESM Console,a Connector Appliance,or ArcSight Management Center

Module 8: Managing the Network Model

List Network Model resources
Describe Asset Model resources
Add the following modelling resources:

Assets
Asset Ranges
Zones
Network and attach it to a connector


Import Zone and Asset information with the Network Model wizard
Explain the use of the Asset Import Connector

Module 9: Configuring SmartConnector Destinations

Get SmartConnector Status
Set SmartConnector Flow-Control
Use SmartConnector Administrative Dashboards
Configure SmartConnectors for

Failover Destination
Dual Destinations



Module 10: Installing the ESM Super and Syslog Connectors

Install and configure a Forwarding Connector
Install and configure a Syslog connector

Module 11: SmartConnectors Configurations and Advanced Features

Configure SmartConnectors using advanced features such as turbo mode,map files,event filtering,network options and event aggregation
Construct advanced configuration settings for optimal performance and data enrichment

Module 12: Command Center

Log onto the ArcSight Command Center
Identify functions and navigate the User Interface
Use the ArcSight Command Center Help Facility
Configure

Authentication
Content
Storage
Appliances,


Identify stock content dashboards

Module 13: ESM Backup and Restore

Restore the ESM Manager’s configurations
Back up and restore ESM
Describe CORR-E Daily Job Archiving

Module 14: Certificate Management

Describe uses of SSL technology in ArcSight ESM
Describe SSL setup options

keytool/keytoolgui
certadmin


Identify the steps to deploy:

Self-signed Certificates
Approve/revoke distributed mode Certificates
CA (Certificate Authority)-signed Certificates

Cílová skupina

This course is intended for analysts responsible for:

Defining their organization’s security objectives
Building or using advanced content to correlate, view and respond to those security objectives.
Certifikát Na dotaz.
Hodnocení




Organizátor



Další termíny kurzu
Termín Cena Místo konání Zarezervovat