ArcSight ESM Administrator and Analyst (ESM200)

Kursbeschreibung Kurstermine
 

Kursüberblick

This course is a hands-on, five-day instructor-led course detailing Enterprise Security Manager (ESM) product facilities while performing related tasks on a live ArcSight ESM. Learners use the ArcSight Console and ArcSight Command Center interfaces to monitor security events, configure ESM, and manage users and ESM network intelligence resources. Using ArcSight ESM workflow, participants isolate, document, escalate, and resolve security incidents. This course enables tailoring standard ArcSight ESM content to acquire, search, and correlate actionable event data; and perform remedial activities such as incident analysis, stakeholder notification, and reporting security conditions within your network environment.

Zielgruppe

This course is intended for:

  • Monitor, remediate, and report on security incidents using ArcSight ESM facilities
  • Use standard content to correlate, display and respond to identified issues in real time
  • Design, deploy and maintain ArcSight network, asset and user modeling for your cyber-infrastructure

Voraussetzungen

To be successful in this course, you should have the following prerequisites or knowledge:

  • Basic Windows operating system tasks and functions
  • Knowledge of possible attack activities, such as scans, man in the middle, sniffing, DoS, and possible abnormal activities, such as worms, Trojans, and viruses
  • SIEM terminology, such as threat, vulnerability, risk, asset, exposure, and safeguards
  • Enterprise security, event and log management experience is highly advantageous

Kursziele

Upon successful completion of this course, you should be able to:

  • Plan for ALM implementation
  • Make ArcSight ESM operational upon initial installation, creating user accounts and implementing built-in solutions content
  • Implement Network and Asset Modeling facilities to enable site-specific business-oriented views within your ArcSight ESM environment
  • Investigate, identify, analyze, and remediate exposed security issues using ArcSight ESM monitoring and detection features
  • Use workflow management to provide real-time incident response and escalation tracking
  • Modify and run standard reports to provide situational awareness and network status to enterprise stakeholders
  • Establish ESM peering to perform distributed event search and content management across multiple ESM instances

Kursinhalt

  • Module 1: Introduction to ArcSight ESM
  • Module 2: ArcSight Event Schema and Lifecycle
  • Module 3: ESM Installation and Configuration
  • Module 4: ESM Console
  • Module 5: ArcSight Command Center
  • Module 6: ArcSight Web Interface
  • Module 7: Active Channels, Filters and Fieldsets
  • Module 8: Rules and Lists
  • Module 9: Dashboards and Data Monitors
  • Module 10: Query Viewers
  • Module 11: ESM Reports
  • Module 12: Workflow Cases
  • Module 13: User Administration
  • Module 14: User Notifications
  • Module 15: Use Case Resources
  • Module 16: ArcSight Content Management
  • Module 17: Event Search
  • Module 18: ArcSight Support Resources
Classroom Training
Modality: G

Dauer 5 Tage

Preis (exkl. MwSt.)
  • Deutschland: 3.750,- €
Termine und Buchen
Online Training
Modality: U

Dauer 5 Tage

Preis (exkl. MwSt.)
  • Deutschland: 3.750,- €
Termine und Buchen
 
Zum Buchen bitte auf den Ortsnamen klicken Kurstermine
Deutschland
20.05. - 24.05.2019 München
16.09. - 20.09.2019 München
 

Cookies verbessern unsere Services. Durch die Benutzung unserer Website erklären Sie sich mit unserer Verwendung von Cookies einverstanden.   Verstanden.