Detailed Course Outline
Module 1: Introduction to ESM Administration
- Describe each ESM system component
Module 2: ESM Distributed Components
- Recognize where ESM fits within the ArcSight Architecture
- Define each ESM operation mode, Compact and Distributed, and the issues ESM Distributed Mode solves
- Describe the ESM Distributed Mode components
- Recognize the ArcSight Data Platform (ADP) and its components
Module 3: Installing ESM Distributed Mode
- Plan System Hardware Requirements
- Check Operating System Pre-Installation
- Install ESM Persistor Node
- Install ESM Correlator Aggregator Node
- Configure Integration of the Persistor Node
- Add Correlator Aggregator Services
- Configure Message Bus Data and Control Instances from Persistor
- Configure Repository Instances from Persistor
- Configure Distributed Cache on Correlator Aggregators
- Run Cert Admin Approveall
- Start All Cluster Wide Services from Persistor Node
Module 4: Maintaining ESM Properties Files and Upgrades
- Customize ArcSight ESM using Properties File
- Prepare System for an Upgrade
- Upgrade ESM
- Upgrade the ESM Console
Module 5: Installing the ESM Console
- Install the ESM Console
- Customize the ESM Console
- Describe Tools available in the ESM Console
Module 6: Installing SmartConnectors
- Describe how Connectors collect, normalize, and cache events
- Install and configure ArcSight SmartConnectors
- Identify Connector Command Scripts
- Describe how Connectors can be managed from an ESM Console, a Connector Appliance, or ArcSight Management Center
Module 7: Managing the Network Model
- List Network Model resources
- Describe Asset Model resources
- Add the following modelling resources:
  - Assets
  - Asset Ranges
  - Zones
  - Network and attach it to a connector
- Import Zone and Asset information with the Network Model wizard
- Explain the use of the Asset Import Connector
Module 8: Configuring SmartConnector Destinations
- Get SmartConnector Status
- Set SmartConnector Flow-Control
- Use SmartConnector Administrative Dashboards
- Configure SmartConnectors for Failover and Dual Destinations
Module 9: Installing the ESM Super and Syslog Connectors
- Installing and configuring a Forwarding Connector
- Installing and configuring a Syslog connector
Module 10: SmartConnectors Configurations and Advanced Features
- Configuring SmartConnectors using advanced features such as turbo mode, map files, event filtering, network options and event aggregation
- Constructing advanced configuration settings for optimal performance and data enrichment
Module 11: Command Center
- Logging on to the ArcSight Command Center
- Identifying functions and navigating the User Interface
- Using the ArcSight Command Center Help Facility
- Configuring:
  - Authentication
  - Content
  - Storage
  - Appliances
- Identifying stock content dashboards
Module 12: Accessing Administrator Content
- Reviewing Administrator Reports, Dashboards and Filters
- Running and Archiving Reports
- Using Administrator Data Monitors
Module 13: Content Management and Peering
- Peering ESMs
- Performing Peer Searches
- Creating Packages and Pushing content to a Peer
Module 14: ESM User Administration and Notification
- Creating Users and setting User Notifications
- Managing Resource Permissions
- Accessing and Modifying Password Properties
- Configuring ArcSight Notifications
Module 15: ESM Certification Management
- Describing uses of SSL technology in ArcSight ESM
- Describing SSL setup options
- Keytool/keytoolgui
- Certadmin
- Identifying the steps to deploy:
  - Self-signed Certificates
  - Approve/revoke distributed mode Certificates
  - CA (Certificate Authority)-signed Certificates
Module 16: ESM Backup and Restore
- Restoring the ESM Manager’s configurations
- Backing up and restoring ESM
- Describing CORR-E Daily Job Archiving