ArcSight ESM 7.x Advanced Analyst

Popis kurzu

• Using the Use Case worksheet, document the use case



In this introductory course learners use the ArcSight console and ArcSight Command Center user interfaces to monitor security events, configure ESM, and manage users and as well as ESM network intelligence resources. Using ArcSight ESM workflow, participants isolate, document, escalate, and resolve security incidents.

Určeno pro

ESM System Administrators or Analysts

Obsah kurzu

Upon successful completion of this course, you should be able to:

• Make ArcSight ESM operational upon initial installation


• Describe how ESM works in the context of your network


• Create user accounts


• Implement built-in content


• Populate ESM with your network and assets to identify endpoints involved in an event


• Create site-specific business-oriented views


• Investigate, identify, analyze, and remediate exposed security issues


• Use workflow management to provide real-time incident response and escalation tracking


• Modify and run standard reports to provide situational awareness and network status


• Establish ESM peering across multiple ESM instances


• Perform distributed event search and content management

Předpoklady

Working knowledge of enterprise security, event and log management

Studijní materiály