Wir beraten Sie gerne!
+49 40 253346-10     Kontakt

ArcSight Logger Search and Reporting (LOG215)


Course Overview

This two-day class covers how to search and run reportswith ArcSight Logger. This course covers abriefoverview of ArcSight Logger, searching for events, using search tools, working with filters and saved searches, designing and generating reports, and designingreport dashboards.Please note this course is a subset of the Logger Administration and Operations course. This course coversonly the search and reporting modules from the Logger Administration and Operationscourse.

Who should attend

This course is intended for system analysts who need to search and run reportsusing ArcSight Logger.


To be successful in this course, you should have the following prerequisites or knowledge:

  • Basic Logger knowledge or experience
  • Possible attackactivities, such as scans, man in the middle, sniffing, DoS, and possible abnormal activities, such as worms, Trojans, and viruses
  • SIEM terminology, such as threat, vulnerability, risk, asset, exposure, and safeguards
  • Basic Windows operating systems tasks and functions

Course Objectives

Upon successful completion of this course, youshould be able to:

  • Explain how Logger processes event data
  • Enable peer Loggers for searching
  • Use the Search Builder tool as the common UI to create any queries, in any combination withpipeline operators
  • Save a query as a filter or a saved search, and retrieve it laterRun a report as a scheduled report job
  • Copy and save a customized report template tomeet your needs
  • Create and edit a report query
  • Design a new report dashboard

Course Content

1: Introduction to Logger
  • Describe the basic features and functions of Logger
  • Describe how different Logger models are used
  • Explain how Logger processes event data
  • Explain what CEF is and how it is used
2: Event Search
  • Explain how (at a high level) Logger searches events
  • Describe basic differences of how keyword, field-based, Regex, and pipeline searches are performed
  • Enable peer Loggers for searching
  • Use unified Search page to initiate any type of search
  • Use auto-complete feature to save time during data entry
  • Describe how search results are displayed
  • Narrow your search interactively using displayed results
  • Use wild cards in search queries
  • Explain how indexing improves search performance
  • Modify field indexing
3: Search Tools
  • Use the Search Builder Tool as the common user interface to create any queries, in any combination with pipeline operators
  • Customize and save field sets for customized results displays
  • Apply constraints to a search
  • Validate performance of a query using Search Analyzer
  • Run a search query and analyze results
  • Refine and rerun a search with the results display
  • Rerun a search at regular intervals using Auto Update
  • Describe the function of a static correlation
  • Use the Live Event Viewer to display real time raw events
4: Filters, Saves Searches & Scheduled Alerts
  • Save a query as a filter or a saved search, and retrieve it later
  • Describe the different types of filters used in Logger
  • Create, copy, edit, or delete a shared filter
  • Create and use search group filters
  • Change search parameters using Advanced Search Options
  • Search Logger from the ArcSight ESM Console
5: Logger Dashboards
  • Describe the types of panels on a Dashboard
  • Describe built-in Dashboards
  • Create and modify a Dashboard
6: Exploring Logger Reports
  • Use Navigation Explorers to locate pre-defined and user-created report resources
  • Run a report using Run, Quick Run, or Run in Background and describe the differences
  • Use time range, device/storage group, and peer logger constraints when running a report
  • Run a report as a scheduled report job
  • Publish or Email report results
  • Use Report Category Filters (SysAdmin)
  • Manage server properties and deploy report bundles (SysAdmin)
7: Designing Reports
  • Copy and save a customized report to your needs
  • Use the facilities of the Adhoc Report Designer page to modify a report design
  • Use the icons in header of a report display to edit its design
  • Copy and save a customized report template to your needs
  • Edit a report layout to adjust the fonts, colors, and arrangement you want
8: Generating Reports
  • Createand edit a report query
  • Explain differences between Logger search queries and Logger report queries
  • Use the SQL Editor to construct report queries
  • Customize query fields with hyperlinks, formatting, and formulas
  • Group query fields for reports
  • Specify mandatory filtering on pre-defined fields or user-specified fields
  • Create lookup values for field attributes
  • Create and use parameters and parameter groups
9: Using and Designing Report Dashboards
  • Modify the default home page for Reports to display a dashboard view
  • Design a new report dashboard
  • Configure and add Report and External Link widgets
  • Change the layout and contents of a report dashboard
  • Set preferences and views for report dashboards
  • Delete report dashboards and dashboard elements
Online Training

Dauer 2 Tage

Preis (exkl. MwSt.)
  • 880,– €
Classroom Training

Dauer 2 Tage

Preis (exkl. MwSt.)
  • Deutschland: 880,– €

Derzeit gibt es keine Trainingstermine für diesen Kurs.