Call : (+91) 968636 4243
Mail : info@EncartaLabs.com
EncartaLabs

ArcSight ESM Administrator and Analyst

( Duration: 5 Days )

This ArcSight ESM Administrator and Analyst training course provides the skills to use the ArcSight Console and ArcSight Command Center user interfaces to monitor security events, configure ESM, and manage users as well as ESM network intelligence resources. Using the ArcSight ESM workflow, you will learn to isolate, document, escalate, and resolve security incidents.

By attending ArcSight ESM Administrator and Analyst workshop, delegates will learn to:

  • Make ArcSight ESM operational upon initial installation
  • Describe how ESM works in the context of your network
  • Create user accounts
  • Implement built-in content
  • Populate ESM with your network and assets to identify endpoints involved in an event
  • Create site-specific business-oriented views
  • Investigate, identify, analyze, and remediate exposed security issues
  • Use workflow management to provide real-time incident response and escalation tracking
  • Modify and run standard reports to provide situational awareness and network status
  • Establish ESM peering across multiple ESM instances
  • Perform distributed event search and content management

  • Working knowledge of enterprise security, event and log management

The ArcSight ESM Administrator and Analyst class is ideal for:

  • ESM System Administrators or Analysts

COURSE AGENDA

1. ESM Overview

  • List typical responsibilities and skill requirements for each ArcSight ESM User Role
  • Describe ESM Components
  • Identify ESM Communication Strategy used between various devices and components in an ESM Network
  • Identify various ESM Resources

2. Command Center

  • Use the ArcSight Command Center Help Facility
  • Navigate ArcSight Command Center functions
  • Reset your user password

3. ESM Console

  • Install, customize and explore the functionality of the ESM console

4. Connectors

  • Connectors gather data from various sources, then send the data to ESM in the form of events.

5. ArcSight Marketplace

  • The Marketplace offers standard content packages you can install that address common business and security cases.

6. Schema, Fieldsets, & Active Channels

  • Create an Active Channel to display event information. Discuss the differences between a Live Channel, a Rules Channel, and a Resource Channel.

7. Filters

  • Create a filter to narrow the data you want to monitor in ESM.

8. Dashboards & Data Monitors

  • Create Data Monitors and display them on Dashboards.

9. Rules & Lists

  • Discuss the types of rules, create a rule and apply it to a list.

10. User Administration

  • Create users and grant access to specific resources.

11. Notifications

  • Create a notification system to have various users notified when specified criteria are triggered.

12. Workflow & Cases

  • Discuss how people are informed about incidents and track their responses.

13. Queries & Query Viewers

  • Create a query viewer to get a quick, high-level summary of activity.

14. Reports

  • Create reports that can be printed or viewed.

15. Content Management & Peering

  • Content management gives you the ability to push ESM content in the form of packages from a single ESM Manager to a peer ESM known as a subscriber.

16. Event Search

  • Search for specific events using simple to complex search techniques.

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of a few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
