ArcSight-ESM-Advanced Administrator with exam (ESM310-76) – Details

Detailed course content

Module 1: ESM Overview
  • Identify ESM Architecture
  • Describe the content of the ArcSight Event Schema
  • List the phases of the ArcSight Event Lifecycle
  • Describe the event processing and schema population performed during each phase of the event lifecycle
  • List the resources and tools applicable to specific phases of the event lifecycle
Module 2: Command Center
  • Access the ArcSight ESM Command Center
  • Monitor Usage Metrics
  • View System Metrics
  • Use the SOC/MITRE Dashboards
  • Access and use Active Lists
  • Utilize Field Sets
Module 3: ArcSight Console
  • Launch the ArcSight Console
  • Identify toolbar components and their functions
  • List the different views available in the Viewer panel
  • Identify three methods to access Console Help
  • Describe the Reference Resources and their characteristics
  • Identify ESM Console preference options
  • Customize your ESM Console
Module 4: Active Channels
  • Create a new Active Channel
  • View the details of an event
  • Identify Dynamic and Static Active Channels
Module 5: Filters
  • Describe Filter types and usage
  • Add, edit and save Filters to an Active Channel
  • Define the Common Conditions Editor
Module 6: Variable Customization
  • Describe functions available in Variables
  • Create both Local and Global Variables
  • Promote Local to Global Variables
  • Share Global Variables among multiple resources
Module 7: Data Monitors and Dashboards
  • Identify Data Monitor types and functions
  • Create a Data Monitor
  • Access and Use Dashboards
  • Modify Dashboard Data Monitor Layouts
Module 8: ESM Lists
  • Describe the differences between Active and Session Lists
  • Create and validate Active and Session List integration Rules
Module 9: ESM Rules
  • Create and validate the following:
    • Rule behavior
    • Brute Force Login Attempt and Successful rules
    • Light Weight rules and Pre-Persistent rules
Module 10: Query Viewers Authoring
  • Define Queries
  • Describe Query Viewers
  • Explain the advantages of using Query Viewers
  • Create the following functions with Query Viewers
    • Drilldowns
    • Baselines
    • Reports
    • Dashboard views
Module 11: ESM Reports
  • List the components in the Report Workflow
  • List the different types of Reports
  • Run a Report from the Navigator panel
  • View an Archive Report from the Navigator panel
  • Set up a scheduled Report job
  • Build a custom Report
  • Build a custom Trend Report
Module 12: Unified Event Search Tools
  • Describe how keyword, field-based and pipeline searches are performed
  • Describe how search results are displayed
  • Use the unified Search page to initiate any type of search
  • Use Search Helper and Search Builder features to save time constructing search expressions
  • Load, modify, and save search filters and saved searches
  • Enable peer ESM and Logger instances for searching