Course: TITAN-ARC-001

An Introduction to Protective Monitoring & SIEM

Virtual Instructor Led / Self-Paced Training

Difficulty Rating

Course Duration: 1 Day

Participants receive a course-completion certificate signed by Titan Labs.

Course Description

Completely new to protective monitoring? Then this course offers an ideal starting point. This beginner course covers all the basics of protective monitoring and how to do it using Security Information and Event Management (SIEM). We’ll also dive into all the key aspects of threat modelling, including Threat Intelligence, Incident Response, and Monitoring, taking you on a journey from 'clueless' to 'clued-up.'

We’ll also take a deep dive into one of the most important processes in designing an effective monitoring solution: Use Cases. From planning to deployment, we shed light on why use cases should be a must for developing your SIEM solution.

This course is specifically tailored to the ArcSight product suite, so we’ll be covering the primary ArcSight components and how the architecture fits together.

Modules

  1. Overview of Protective Monitoring

    • Understanding the Basics of Protective Monitoring

    • The Role of SIEM in Security Operations

    • Key Concepts in Threat Modelling

  2. Use Case Development

    • How to Create a Use Case

    • Deployment and Evaluation

  3. Overview of ArcSight Components (Including Demo videos)

    • SmartConnectors

    • ArcMC (ArcSight Management Center)

    • ArcSight Logger

    • ArcSight ESM

  4. ArcSight Architecture and Typical Deployment

    • Basics of ArcSight Deployment

  5. ArcSight's Common Event Format (CEF)

    • What is CEF?

    • Grouping and Normalisation

Intended Audience

This course is designed for Security Professionals and SOC Administrators who are responsible for deploying and administering the ArcSight product suite within their environment.

Recommended Skills

  • Familiarity with command-line tools

  • Experience deploying applications in Windows and Linux environments

  • Computer desktop, browser, and file system navigation skills
