Click here for official OpenText CyberRes training courses

Course: TITAN-ARC-006

ArcSight: FlexConnector Development

Virtual Instructor Led / Self-Paced Training

Difficulty Rating

Course Duration: 1 Day

The participants will obtain certificates signed by Titan Labs (course completion).

Course Description

This course teaches you the essentials of ArcSight FlexConnector development, taking everything covered in the Troubleshooting Unparsed Events course and amplifying it!

Building on our TITAN-ARC-004: Troubleshooting Unparsed Events course, which offered a lightweight introduction to FlexConnectors, this course takes a deep dive into the nitty gritty of FlexConnectors. Students will gain an in-depth understanding of the architecture and components of the FlexConnector, including a host of advanced operations.

Students will also get hands-on creating their own FlexConnectors, and be trained up on using the ArcSight FlexConnector & Regex Tools.

Modules

  1. Overview of ArcSight SmartConnectors

    1. Understanding the SmartConnector Framework

    2. Where SmartConnectors sit in the ArcSight Architecture

  2. Introduction to FlexConnectors

    1. Different types of FlexConnector and when to use which

    2. The differences between SmartConnectors and FlexConnectors

  3. Installing your first FlexConnector

    1. Pre-requisites to installation

    2. Installing the connector

  4. ArcSight Schema

    1. What is it and why is it so important

    2. Schema Groups

  5. Components of a FlexConnector

    • What are the components of a FlexConnector

    • How to create each component

    • When would you need each component

  6. FlexConnector Development Tools

    • FlexAgent Wizard for simple setups

    • ArcSight Regex Tool

  7. Deep Dive into FlexConnector Parsers

    1. Regex Parsers

    2. Database parsers

    3. Time-based parsers

    4. SNMP parsers

    5. And more…

  8. Advance FlexConnector Operations

    • Multi-Line Parsing

    • Conditional Mappings

    • Extra Processors

  9. Guide to writing regex

Intended Audience

This course is designed for Security Professionals and SOC Administrators, who are responsible for deploying and administrating the ArcSight product suite within their environment.

Recommended Skills

Looking for Official OpenText Courses?

Find available CyberRes courses here