ArcSight ESM 7.x.x Advanced Administrator - CSE

Popis kurzu

• Identify Use Case problems and requirement statements associated with actual scenarios



This course provides you with techniques to proactively analyze and troubleshoot the ESM 7.0 Database and Manager to provide efficient services to your organization. This course shows you how to design and deploy hierarchical, fault tolerant manager implementations as well integration strategies between ArcSight ESM and other ArcSight appliances such as Logger, Connector Appliance, Command Center and the other ArcSight products.

Určeno pro

This course is intended for Administrators who:

• Install, maintain, and troubleshoot ESM components


• Design and implement integrations between ArcSight ESM and other ArcSight appliances


• Proactively investigate the health of the ESM CORRE environment

Obsah kurzu

Upon successful completion of this course, you should be able to:

• Review ArcSight enterprise solutions
  
  
  
  • Hierarchical, high availability and fail over capabilities DCC
  
  
  
  


• Install multiple SmartConnectors to provide peer to peer and fail over connections


• Configure a hierarchical multi-manager setup using the ArcSight forwarding connector


• Configure ArcSight ESM CORRE to:
  
  
  
  • Provide password lock out criteria
  
  
  • Allow for larger log files
  
  
  • Provide for single session logins
  
  
  • Deploy a new ArcSight license
  
  
  • Custom Console functionality
  
  
  • Categorize specific network events
  
  
  • Import assets using the Asset Import FLEX Connector
  
  
  • Personalize the ArcSight Web interface
  
  
  
  


• Review the Manager and Connector to troubleshoot your ArcSight environment

Předpoklady

To be successful in this course, you should have the following prerequisites or knowledge:

• Common security devices such as IDS and firewalls


• Common network device functions, such as routers, switches, and hubs


• TCP/IP functions such as CIDR blocks, subnets, addressing, and communications


• Basic Windows operating system tasks and functions


• Possible attack activities, such as scans, man in the middle, sniffing, DoS, and possible abnormal activities, such as worms, Trojans, and viruses


• SIEM terminology, such as threat, vulnerability, risk, asset, exposure, and safeguards


• Completed the ArcSight ESM Administrator and Analyst course, or have at least 6 months experience administering ArcSight ESM

Studijní materiály

Návaznosti