Course Overview
This four-day course provides you with the knowledge required to use advanced ArcSight ESM content to find and correlate event information, perform actions such as notifying stakeholders, graphically analyze event data, and report on security incidents. You will familiarize yourself with, or reinforce your understanding of, the advanced correlation capabilities within ArcSight ESM that provide a significant edge in detecting active attacks.
This course covers the ArcSight security problem-solving methodology, using advanced ESM content to find, track, and remediate security incidents. During the training, you will use variables and correlation activities, customize report templates for dynamic content, and customize dashboards to monitor incidents.
Who should attend
This course is intended for Analysts and Content Engineers who:
- Define their organization’s security objectives
- Build or use advanced content to correlate, view, and respond to those security objectives
Course Objectives
On completion of this course, you should be able to:
- Navigate the ArcSight ESM console and command center to correlate, investigate, analyze, and remediate both exposed and obscure threats.
- Construct ArcSight variables to provide advanced analysis of the event stream.
- Develop ArcSight lists and rules to allow advanced correlation activities.
- Optimize event-based data monitors to provide real-time viewing of event traffic and anomalies.
- Design new report templates and create functional reports.
- Find events through the search tools.
Course Content
- Create ArcSight Variables
- Develop ArcSight Lists and Rules
- Create Data Monitors and Dashboards
Important notes for the booking of Open Text trainings
Please note that prepayment is required for participation in an Open Text training course. Participation in a training course is possible for 12 months after booking the course. Cancellations are excluded. For further information, please refer to our General Terms and Conditions.