Course Overview
This course provides you with techniques to proactively analyze and troubleshoot the ESM CORR-engine database and ArcSight ESM Manager to provide efficient services to your organization. This course teaches you to design and deploy hierarchical, fault-tolerant manager implementations as well as integration strategies between ArcSight ESM and other ArcSight appliances such as Logger, Connector Appliance, and the ArcSight Management Center products.
Who should attend
This course is intended for any system administrators who need to:
- Install, administer, maintain and troubleshoot ArcSight ESM components
- Design and implement integrations between ArcSight ESM and other ArcSight appliances
- Proactively investigate the health of the ArcSight ESM CORRE environment
Prerequisites
To be successful in this course, you should be familiar with:
- Common security devices such as IDS and firewalls
- Common network device functions, such as routers, switches, and hubs
- TCP/IP functions such as CIDR blocks, subnets, addressing, and communications
- Basic Windows operating system tasks and functions
- Possible attack activities, such as scans, man in the middle, sniffing, DoS, and possible abnormal activities, such as worms, Trojans, and viruses
- SIEM terminology, such as threat, vulnerability, risk, asset, exposure, and safeguards

You should also have completed the ArcSight ESM Administrator and Analyst ATP course or have 6 months' experience administering ArcSight ESM.
Course Objectives
Upon successful completion of this course, you should be able to:
- Design, deploy and configure an ArcSight ESM multi-manager layout for high-availability and fail-over
- Assess and implement integration strategies for ArcSight ESM and ArcSight appliances
- Provide credentials for ArcSight ESM including RADIUS and LDAP/AD
- Use available ArcSight and Oracle tools to investigate the health of your installation
- Implement ArcSight best practices for backup and recovery for an Oracle 10g database
Course Content
- Module 1: CORRE Architecture
- Module 2: Using CORRE with ArcSight Appliances
- Module 3: Installing ESM
- Module 4: Installing and Navigating the ESM Console
- Module 5: Installing Connectors
- Module 6: Event Flow using the ESM Console
- Module 7: Managing the Network Model
- Module 8: Administering Users and Groups
- Module 9: SmartConnector Status and Configuring Destinations
- Module 10: Configuring ArcSight SmartConnectors
- Module 11: SmartConnector Advanced Features
- Module 12: Installing FlexConnectors
- Module 13: ArcSight Forwarding Connectors
- Module 14: Managing SSL Certificates
- Module 15: Using the ArcSight Command Center
- Module 16: Administrative Dashboards
- Module 17: Creating Notifications
- Module 18: ArcSight ESM Admin Authentication
- Module 19: Maintaining CORRE System Health
- Module 20: Using the ArcSight Packages
- Module 21: Content Management
- Module 22: Patching CORR-Engine
- Module 23: CORRE Daily Archiving
- Module 24: ArcSight ESM CORRE Backup and Restore
- Module 25: Working with HPE ArcSight Support