Scribd
Upload
43 views

Arcsight ESM-customized Day Wise Content

This document outlines the agenda for a 5-day training on the Arcsight security information and event management (SIEM) system. Day 1 covers introductions to SIEM, Arcsight components, deployment methodology, and smart connectors. Day 2 focuses on data collection, correlation, and administration. Day 3 is about analyzing Arcsight data through views, rules, and lists. Day 4 involves reports, queries, and network modeling. Day 5 introduces the Arcsight logger for data storage and searches.

Uploaded by

neoalt
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
43 views

Arcsight ESM-customized Day Wise Content

This document outlines the agenda for a 5-day training on the Arcsight security information and event management (SIEM) system. Day 1 covers introductions to SIEM, Arcsight components, deployment methodology, and smart connectors. Day 2 focuses on data collection, correlation, and administration. Day 3 is about analyzing Arcsight data through views, rules, and lists. Day 4 involves reports, queries, and network modeling. Day 5 introduces the Arcsight logger for data storage and searches.

Uploaded by

neoalt
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Arcsight ESM

Day-1

Module-1: Introduction to SIEM

 What is SIEM
 SIEM Components
 Understanding ESM Sizing
 Deployment Methodology
 Licensing Microfocus SIEM

Module-2: Components

 ESM Anotomy
 Arcisght Manager & CORR-Engine storage
 User interfaces & Use cases
 Interactive Discovery & Pattern Discovery
 Getting The Software + ArcSight Console Simplified

Module-3: Deployment

 ESM installation
 Life Cycle of an Event Through ESM
 Console overview

Module-4: Smart connectors

 Types of Smart connectors


 Smart Connector Installation & ESM destination registration 
 Syslog connector
 Understanding Flex Connectors
 Understanding Forwarding connectors

Day-2

Module-5: Data collection

 Data Collection and Event Processing - Collect & Normalize Event Data
 Data Collection and Event Processing - Apply Event Categories
 Event categorization Utility
 Data Collection and Event Processing - Look up Customer and Zone in Network Mode
 Data Collection and Event Processing - Filter/Aggregate/Managing SmartConnector
 Filter and Aggregate Events
 Priority Evaluation and Network Model Lookup
 Workflow

Module-6: Correlation

 Correlation Overview & Filters & Rules


 How Rules Evaluated & Use Active/Session Lists
 Data Monitors
 Local and Global Variables & Velocity Templates
 Event Types

Module-7: administration

 ArcSight ESM Admin Authentication


 ArcSight ESM CORRE Back Up and Restore
 Managing CORRE Daily Partitions
 Using ArcSight Packages
 Maintaining CORRE System Health

Day-3: ESM analysis

Module-8: Viewing ArcSight ESM Data

 Using Active Channels


 Using Filters
 Using Variables
 Using Dashboards and Data Monitors
 Using Event Graphs
 Using Custom View Dashboards
 Creating Dashboards
 Customizing Dashboards

Module-9: ArcSight ESM Rules and Lists

 ESM Rules Basics


 Using Lists

Day-4:
Module-10: ArcSight ESM Reports and Query Viewers

 ESM Reports Overview


 Building Reports
 ArcSight Query Viewers

Module-11: ArcSight ESM Network Model

 ArcSight Network and Asset Model


 Network Model Wizard

Module-12: UEBA

 Generating user based reports


 Monitoring Health activities

Day-5: Arcsight logger

 Introduction to Logger
 Install and Initialize Logger Appliance
 Installing and Initialize Software Logger
 Navigating Logger
 Logger Configuration
 Configuring Logger Event Input and Output
 System Admin Settings
 Managing Users and Groups
 Event Search
 Search Tools
 Filters, Saves Searches & Scheduled Alerts
 Logger Reports

You might also like