Introduction to ArcSight ESM Training:
ArcSight ESM is a product designed for security information and event management (SIEM). HPE’s ArcSight ESM collects security log data from an enterprise’s security technologies, operating systems, applications and other log sources, and analyzes that data for signs of compromise, attacks or other malicious activity. If anything malicious is detected, the product acts accordingly by generating alerts to security administrators or initiating an automated response to stop the malicious activity. ArcSight ESM offers all the basic SIEM security capabilities. In addition, it supports the use of third-party threat intelligence feeds from vendors such as Norse to improve the accuracy of threat detection. Other additional security capabilities, such as network forensics features and the supplementation of existing host logging features, are not available through HPE’s ArcSight ESM.
Prerequisites for ArcSight ESM Training
- Common security device functions, such as IDS/IPS, Network and Host-based firewalls, etc.
- Common network device functions, such as routers, switches, hubs, etc.
- TCP/IP functions, such as CIDR blocks, subnets, addressing, communications, etc.
- Windows operating system tasks, such as installations, services, sharing, navigation, etc.
HP ArcSight ESM Online Course Content
Overview of ArcSight ESM
- Describe ArcSight ESM Roles
- Describe ArcSight ESM Components
- Explain ArcSight ESM Resources
- SSL Communications Description
ArcSight Event Schema
- Explain the Event Schema
- Outline Schema Definitions
- Overview of Event Lifecycle
- In-depth Explanation of Phase 1
- In-depth Explanation of Phase 2
- In-depth Explanation of Phase 3
- In-depth Explanation of Phase 4
- In-depth Explanation of Phase 5
- In-depth Explanation of Phase 6
- Provide a Console Overview
- Using the Navigator Panel
- Using the Viewer or Grid Panel
- Using the Inspect/Edit Panel
- Using the Console Help
Using Active Channels
- Active Channel Components
- Field Sets
- Creating an Active Channel
- Creating Field Sets
- Filters Explanation
- Using Filters in an Active Channel
- Debugging Active Channel Filters
- Explain Local & Global Variables & Using Them with ESM Resources
- Promoting Local Variables to Global Variables
- Sharing Global Variables Among Multiple Resources
Dashboards and Data Monitors
- Explain Dashboards
- Using Data Monitors
- Creating the Dashboards
- Using Custom View Dashboards
- Explain Rules
- Describe Rule Actions & Triggers
- Describe Active Lists
- Describe Session Lists
- Explain Reports
- How to Run Reports
- Building Basic Reports
- Building Complex Reports
- Query Viewers Explanation
- Building Query Viewer Summaries
- Building Query Viewer Drilldowns
- Using Baselines
- How Dashboards and Reports Interact with the Query Viewers
ESM Network Model
- Explain the ArcSight Network Model
- Explain Asset Modeling
- Using Network Model Wizard
- Describe workflow and functions of workflow resources
- Understand sequence of events in a workflow
- Case Creation
- Event Annotation
ArcSight ESM Web
- Home Display, View Dashboards & Reports
Overview of ArcSight ESM Training:
- ArcSight ESM Training provides you with in-depth information about the ArcSight ESM installation, with detailed instructions for performing administrative tasks within ArcSight ESM. ArcSight ESM is a premier security event manager that analyzes and correlates every event in order to help your IT SOC team with security event monitoring, from compliance and risk management to security intelligence and operations.
- ESM sifts through millions of log records and correlates them to find the critical events that matter, in real time, via dashboards, notifications, and reports, so you can accurately prioritize security risks and compliance violations.
- The ArcSight ESM training platform is used to secure the world’s most demanding organizations. ArcSight ESM monitors all events across an enterprise and uses powerful correlation and analysis to identify business and technology threats.
ArcSight ESM Training Objectives:
- This HP ArcSight ESM online course provides you with the knowledge required to use advanced HP ArcSight ESM content to find and correlate event information, perform actions such as notifying stakeholders, analyze event data graphically, and report on security incidents within your security environment.
- You will familiarize yourself with and/or reinforce your understanding of the advanced correlation capabilities within ArcSight ESM that provide a significant edge in detecting active attacks.
- This HP ArcSight ESM online course covers the HP ArcSight security problem-solving methodology, using advanced HP ArcSight ESM content to find, track and remediate security incidents.
- During the ArcSight ESM Training, you will learn to use variables and correlation activities, customize report templates for dynamic content, and customize notification templates to send the appropriate notification based upon specific attributes of an event.