Basic info
This course offers a comprehensive, hands-on introduction to ArcSight Recon for security analysts and threat hunters. It focuses on event search and reporting capabilities, threat hunting, and outlier detection.
Highlights:
- Create search queries using ArcSight schema fields, keywords, field sets, search operators, and hashtags.
- Use default content reports and dashboards to analyze events of interest, including MITRE ATT&CK content.
- Create reports and dashboards using data worksheets from scratch.
- Analyze event data using Recon tools in sample scenarios, such as uncovering threats from former employees and detecting the Log4j vulnerability.
- Use Recon tools to analyze historical events and identify previously undetected threats in a sample unstructured threat-hunting scenario.
- Build and score an outlier model and interpret its analytics charts.