Course Overview
Learn the essentialsof ArcSight Transformation Hubinstallment,deployment,and basic operations. This course is a good starting point for recognizing the ArcSight Data Platform (ADP) with a focus on Transformation Hub. You will learn aboutthe new ADP topology and how ArcSight Transformation Hubconsumes and produces event data, as well assuccessfully installing, deploying, and troubleshooting some common issuewith the Transformation Hubshutdown/reboot and installation. This course will cover building topics and partitions within Transformation HubUI, plus maintenance, and monitoring components and event flow through the ArcSight Installer UI and ArcMC.
Who should attend
This course is intended for Security Professionals, System Administrators, and end userswho are new to Transformation Hubin the ADPand who are responsible for maintenance and operations.
Prerequisites
To be successful in this course, you should have the following prerequisites or knowledge:
- High speed Internet connection
- Web browser (IE9+ or Firefox 8.5+), note: Chrome is not compatible
- Understanding of ArcSight ESM, SmartConnectors, Logger and Management Center
- Basic understanding of web technologies, such as IP addresses, network assets
- Basic understanding of Linux and Windows Command Line language
- Have an interest in cybersecurity
Course Objectives
Upon successful completion of this course, you should be able to:
- Install and deploy Transformation Huband its components(Producers and Consumers)
- Successfullytroubleshoot any installation or deployment issues
- InstallConnectorsand Collectors as Producers
- Configure ESM and Loggeras Consumers
- Navigateand maintainall systems from ArcMC topology views
- Operate Transformation Hubby adjusting data flow throughRouting, Topics, and Security
Course Content
Module 1: Transformation HubOverview
- Recognize the basic architecture and workflow of Transformation Hub
- Describe the different components that integrate into the Transformation Hubplatform and their functions
- Define how Transformation Hubworks with consumers and producers to create event data
Module 2: Install and Deployment
- Install and deploy all pre-install systems and Transformation Hub
- Describe the installer properties file
- Set up Kubernetes nodes
- Secure the Transformation Hubdeployment
- Configure Transformation HubMaster and Worker nodes
Module 3: Producing and Consuming Event Data in Transformation Hub
- Configure producers and consumers for event flow
- Create topics, partitions and Routes for TH
- Managing THevent data in the THUI
- Creating nodes on clusters
Module 4: Transformation HubOperations
- Managing Transformation Hub
- Deploy a CTH(Transformation Hubconnector)
- Edit and undeploy a CTH
- Adding THas a host
- Creating topics and partitions
- Configure event flow for security
Module 5: ArcMC Transformation HubManagement
- Set up the Transformation Hubas a host on ArcMC
- Configure and manage THnodes on ArcMC
- Create topics and routes for THon ArcMC
Module 6: Connector on Transformation Hub(CTH)
- Define the Connector on Transformation Hub(CTH) workflow
- Correctly install your Connector and ready Transformation Hubdeployment
Module 7: Kafka and Kubernetes in Transformation Hub
- Define the components of Apache Kafka
- Recognize how Kafka works with Zookeeper to manage brokers
- Define how messaging is produced and consumed
- Describe how messages in Kafka are categorized and assigned into topics and partitions
- Describe how Kubernetes provides a container-centric management environmentin Transformation Hub
- Define Kubernetespurpose and components, includingo
- Podo
- Nodeso
- Clusters
Module 8: Health Checks
- Configuring Graceful shutdown/reboot
- Resolving DNS issue
- Checking Cluster Health, Pod status, data flows
- Verify healthyKafka scheduler on Vertica, Web Services APIs, as well as Topic partitions and replications count
- Updating License
- AccessingLog files
Module 9: Troubleshooting
- Troubleshoot common issues with the Transformation Hubinstall
- Verify events are flowing
- Edit installer.propertiesfile where necessary
- Properly uninstall/reinstall Transformation Hub
- Additional issues with Docker, Kafka, and pod failures