Wir beraten Sie gerne!
+49 40 253346-10     Kontakt

ArcSight ESM Administrator and Analyst (ESM200)


Course Overview

This course is a hands-on, five-day instructor-led course detailing Enterprise Security Manager (ESM) product facilities while performing related tasks on a live ArcSight ESM. Learners use the ArcSight Console and ArcSight Command Center interfaces to monitor security events, configure ESM, and manage users and ESM network intelligence resources. Using ArcSight ESM workflow, participants isolate, document, escalate, and resolve security incidents. This course enables tailoring standard ArcSight ESM content to acquire, search, and correlate actionable event data; and perform remedial activities such as incident analysis, stakeholder notification, and reporting security conditions within your network environment.

Who should attend

This course is intended for:

  • Monitor, remediate, and report on security incidents using ArcSight ESM facilities
  • Use standard content to correlate, display and respond to identified issues in real time
  • Design, deploy and maintain ArcSight network, asset and user modeling for your cyber-infrastructure


To be successful in this course, you should have the following prerequisites or knowledge:

  • Basic Windows operating system tasks and functions
  • Knowledge of possible attack activities, such as scans, man in the middle, sniffing, DoS, and possible abnormal activities, such as worms, Trojans, and viruses
  • SIEM terminology, such as threat, vulnerability, risk, asset, exposure, and safeguards
  • Enterprise security, event and log management experience is highly advantageous

Course Objectives

Upon successful completion of this course, you should be able to:

  • Plan for ALM implementation
  • Make ArcSight ESM operational upon initial installation, creating user accounts and implementing built-in solutions content
  • Implement Network and Asset Modeling facilities to enable site-specific business-oriented views within your ArcSight ESM environment
  • Investigate, identify, analyze, and remediate exposed security issues using ArcSight ESM monitoring and detection features
  • Use workflow management to provide real-time incident response and escalation tracking
  • Modify and run standard reports to provide situational awareness and network status to enterprise stakeholders
  • Establish ESM peering to perform distributed event search and content management across multiple ESM instances

Course Content

  • Module 1: Introduction to ArcSight ESM
  • Module 2: ArcSight Event Schema and Lifecycle
  • Module 3: ESM Installation and Configuration
  • Module 4: ESM Console
  • Module 5: ArcSight Command Center
  • Module 6: ArcSight Web Interface
  • Module 7: Active Channels, Filters and Fieldsets
  • Module 8: Rules and Lists
  • Module 9: Dashboards and Data Monitors
  • Module 10: Query Viewers
  • Module 11: ESM Reports
  • Module 12: Workflow Cases
  • Module 13: User Administration
  • Module 14: User Notifications
  • Module 15: Use Case Resources
  • Module 16: ArcSight Content Management
  • Module 17: Event Search
  • Module 18: ArcSight Support Resources
Online Training

Dauer 5 Tage

Preis (exkl. MwSt.)
  • 2.200,– €
Classroom Training

Dauer 5 Tage

Preis (exkl. MwSt.)
  • Deutschland: 3.300,– €

Derzeit gibt es keine Trainingstermine für diesen Kurs.