
McAfee SIEM Course Content

The document outlines a 12 module course on McAfee Security Information and Event Management (SIEM). The modules cover topics such as SIEM and Enterprise Security Manager overviews, configuration of data sources and policies, event correlation, alarms and watch lists, workflows, reporting, and working with the Enterprise Log Manager component.

Uploaded by

John Manni

McAfee Security Information and Event Management (SIEM) Course Outline

Module 1: SIEM Overview


1. What is SIEM
2. How a SIEM is used
3. McAfee SIEM Architecture and Components
4. Deployment Scenarios and Sizing
Module 2: ESM Overview
1. McAfee Enterprise Security Manager (ESM)
2. System Properties and Information
3. Configuration Options and Settings
4. Software Updates
5. Backups
6. User and Group Administration
7. System Logs
8. Login Security
Module 3: Receiver Overview
1. McAfee Receiver
2. Properties and Information
3. Configuration Options and Settings
4. Vulnerability Assessment
5. Asset Sources
Module 4: ESMI Views
1. The Big Data Problem
2. Common Log Management Challenges
3. Content Aware Views
4. McAfee ESMI Desktop Components
5. McAfee Standard Views
6. Creating and Editing Custom Views
7. Data Binding
Module 5: Receiver Data Source Configuration
1. Receiver Data Sources
2. Client Data Sources
3. Child Data Sources
4. Data Source Profiles
5. Auto Learn Data Sources
6. Configuring Common Data Sources
Module 6: Aggregation
1. Event Aggregation
2. McAfee Event Aggregation Levels
3. Custom Field Event Aggregation
4. Flow Aggregation
5. Flow Aggregation Levels
6. Flow Port Aggregation
Module 7: Policy Editor
1. Policy Editor Overview
2. Policy Editor Navigation
3. Configuring McAfee SIEM Policies
4. Rule Types
5. Rule and Variable Configuration
6. Advanced Syslog Parser
Module 8: Correlation
1. The SIEM Functional Stack
2. Normalization
3. Event Correlation
4. Receiver Event Correlation Configuration
5. Add a correlation component
6. Roll out correlation policy
7. Edit correlation rules
8. Create custom correlation rules
9. McAfee ACE Overview
Module 9: Alarms and Watch lists
1. Alarms
2. Creating Alarms
3. Alarm Settings, Conditions and Actions
4. Alarm Logs
5. Triggered Alarms View
6. Watch lists
Module 10: SIEM Workflow
1. SIEM Workflows and Views
2. Example Investigation
3. Case Management
4. Event Forwarding
Module 11: Reporting
1. Reporting
2. Out of the Box Reports
3. Creating Reports
4. Customizing Reports
5. Report Query Wizard
6. Configuring Delivery of Reports
Module 12: Working with ELM
1. ELM Properties
2. ELM Terminology
3. Adding an ELM Device
4. Estimating ELM Storage
5. Configuring ELM and Storage Pools
6. ELM Compression
7. ELM Data Searching
8. ELM Integrity Checking
9. Enhanced ELM
