Building Security Use Cases with ArcSight ESM 7.x (ESM180)

 

Course Overview

Building Security Use Cases with ArcSight ESM provides you with detailed knowledge of the ArcSight security problem solving methodology, within the ESM context. In this course, you learn the methodologies to develop use cases for current business scenarios, derived from the top business drivers in the market. During the training, you will learn to:

  • Identify business drivers to develop Use Cases using ArcSight ESM
  • Identify Use Case problems and requirement statements associated with actual scenarios
  • Usingthe Use Case worksheet, document the Use Case
  • Develop ArcSight ESM content to accommodate Use Case discrete objectives

Who should attend

This advanced course is intended for those whose primary responsibilities include:

Defining organization’s security objectives Building ArcSight ESM content to adhere to those objectives

Prerequisites

To be successful in this course, you should have the following prerequisites or knowledge:

  • Common network device functions, such as routers, switches, hubs, etc.
  • TCP/IP functions, such as CIDR blocks, subnets, addressing, communications, etc.
  • Windows operating system tasks, such as installations, services, sharing, navigation, etc.
  • SIEM terminology, such as threat, vulnerability, risk, asset, exposure, safeguards, etc.
  • Security directives, such as Confidentiality, Integrity, Availability

Course Objectives

Upon successful completion of this course, you should be able to:

  • In an ArcSight ESM context, define a Use Case
  • Using the Use Case worksheet,forman initial problem statement, generate requirement statements,and prioritize objectives
  • Identify data sources and ESM resources required to fulfilthe objectives of the Use Case
  • Create identified ESM content
  • Construct ArcSight Active Channels to provide advanced analysis of the event stream
  • Develop ArcSight Rules to allow correlation activities
  • Build event-based data monitors to provide real-time viewing of event traffic
  • Package formulated ESM content fortheUse Case into an ArcSight Resource Bundle

Course Content

Module 1: Defining Use Cases
  • DefineUse Cases
  • ExplainUse Case Benefits
  • DescribeUse Case Drivers and Problem Statements
  • DescribeArcSight ESM
Module 2: Building ArcSight Use Cases
  • Determine a data source for the Use Case
  • Analyze a Data Stream for the Use Case
  • Build content for the Use Case
  • Test, verify, and refine the Use Case
Module 3: Best Practice Considerations
  • Understand general practices
  • Describe Network Modelling
  • Understand ESM Content/Resource Development Practices
Module 4: Privileged Account Usage
  • Define a Use Case for a Privileged Account Usage:
    • Determine a data source for the Use Case
    • Analysea data stream for the Use Case
    • Build content for the Use Case
    • Test, verify, and refine the Use Case
Module 5: Suspicious Activities -Account Deletion Policy
  • Define a Use Case for an Account Deletion Policy:
    • Determine a data source for the Use Case
    • Analyze a data stream for the Use Case
    • Build content for the Use Case
    • Test, verify, and refine the Use Case
Module 6: Zero-Day Attack
  • Define a Use Case for a Zero-Day Attack:
    • Determine a data source for the Use Case
    • Analyze a data stream for the Use Case
    • Build content for the Use Case
    • Test, verify, and refine the Use Case
Module 7: Removable Media Policy
  • Define a Use Case for a Removable Media Policy:
    • Determine a data source for the Use Case
    • Analyze a data stream for the Use Case
    • Build content for the Use Case
    • Test, verify, and refine the Use Case
Module 8: Delivering ArcSight Solutions
  • Define ArcSight packages
  • Explain the ArcSight Customer Insight Packages (CIPs)
  • Describe ArcSight jumpstart packages
  • Identify ArcSight use case resources
Appendix A: Compliance Use Case FISMA
  • Define a Use Case for a Federal Information Security Management Act (FISMA):
    • Determine a data source for the Use Case
    • Analyze a data stream for the Use Case
    • Build content for the Use Case
    • Test, verify, and refine the Use Case
Appendix B: Compliance Use Case PCI
  • Define a Use Case for a Payment Card Industry (PCI):
    • Determine a data source for the Use Case
    • Analyze a data stream for the Use Case
    • Build content for the Use Case
    • Test, verify, and refine the Use Case
Appendix C: Compliance Use Case SOX
  • Define a Use Case for Sarbanes –Oxley (SOX):
    • Determine a data source for the Use Case
    • Analyze a data stream for the Use Case
    • Build content for the Use Case
    • Test, verify, and refine the Use Case

Preise & Trainingsmethoden

Online Training

Dauer
3 Tage

Preis (exkl. MwSt.)
  • 1.314,– €
Termine und Buchen
Termin anfragen
Classroom Training

Dauer
3 Tage

Preis (exkl. MwSt.)
  • Deutschland: 1.314,– €
  • Schweiz: 1.314,– €
Termine und Buchen
Termin anfragen

Derzeit gibt es keine Trainingstermine für diesen Kurs.