Course Overview
In thisintroductory course you learn how to use the ArcSight console and ArcSight Command Center to monitor security events, configure ESM, manage users, and manage ESM network intelligence resources. You will also be introduced to triaging and resolving cases with SOAR. The hands-on labs for this course use ESM version 7.6 and SOAR
Who should attend
This course is intended for:
- This course isintended for ESM System Administrators and Analysts.
Prerequisites
To be successful in this course, you should have the following prerequisites or knowledge:
- Working knowledge of enterprise security, event, and log management
Course Objectives
Upon successful completion of this course, you should be able to:
- Make ArcSight ESM operational upon initial installation
- Describe how ESM works in the context of your network
- Create user accounts
- Implement built-in content
- Populate ESM with your network and assets to identify endpoints involved in an event
- Create site-specific business-oriented views
- Investigate, identify, analyze, and remediate exposed security issues
- Use workflow management to provide real-time incident response and escalation tracking
- Modify and run standard reports to provide situational awareness and network status
- Establish ESM peering across multiple ESM instances
- Perform distributed event search and content management
Course Content
- Module 1: ESM Overview
- Module 2: Command Center
- Module 3: ESM Console
- Module 4: Connectors
- Module 5: ArcSight Marketplace
- Module 6: Dashboards & Data Monitors
- Module 7: Rules & Lists
- Module 8: User Administration
- Module 9: Notifications
- Module 10: Incident Response and Automation with SOAR
- Module 11: Queries & Query Viewers
- Module 12: Reports
- Module 13: Content Management & Peering
- Module 14: Event Search