ArcSight ESM 5.0 Security Analyst
|Utrecht, April 15, 2013|5 days|
|Utrecht, April 22, 2013|5 days|
The ArcSight ESM 5.0 Security Analyst course gives students the knowledge required to use the ArcSight Console to monitor security events. It also teaches how to escalate security incidents through the ArcSight ESM 5.0 workflow for further analysis and remediation, how to build or use standard ArcSight ESM 5.0 content to find and correlate event information, and how to perform actions such as notifying stakeholders, analyze event data graphically, and report on security incidents within their security environment.
This course is intended for operators/analysts who need to use the ArcSight ESM 5.0 Console to monitor, display, and report on security incidents; build or use standard content to correlate, view, and respond to security incidents; and design, deploy, and maintain the ArcSight network model to accurately build content, view, and report on security incidents. At the end of this course, they will be able to:
- Describe ArcSight ESM 5.0 Product Components which collect, process, model, prioritize, correlate, monitor, analyze, store, and archive enterprise-generated events
- Describe the ArcSight ESM 5.0 Event Schema and how it is used to normalize base data into information for ArcSight Aggregation and Correlation to be used in Filters, Rules, Data Monitors, and Reporting
- Navigate the ArcSight ESM 5.0 Console and Web Components to effectively Correlate, Investigate, Analyze, and Remediate both exposed and obscure threats to give situational awareness and real-time incident response
- Implement custom and stock Filters, Rules, Session Lists and Active Lists, and other ESM 5.0 content, along with using the Integrated Case Management and Workflow, to identify, categorize, and, if needed, escalate events of interest and manage event data streams flowing into ArcSight ESM 5.0
- Implement Network and Asset Models to build a custom business-oriented view within an ArcSight ESM 5.0 environment, either with the Network Modeling Wizard or manually
Module 2 - ArcSight Event Schema
Module 4 - Using ESM Console
Module 5 - Using Active Channels
Module 6 - Using Filters
Module 7 - Using Variables
Module 8 - Using Dashboards and Data Monitors
Module 9 - ESM Rules
Module 10 - ESM Reports
Module 11 - Query Viewers
Module 12 - ESM Network Model
Module 13 - ESM Workflow
Module 14 - ArcSight ESM Web