Course Description

This course teaches you about the ArcSight SmartConnector framework, from understanding event sources and their logging options to installing the correct connector for the job!

Taking students on a journey from use case development and identifying data sources, through to testing, validation and deployment, this course will give students all the skills needed to onboard a new source from start to finish.

Modules

1. Establishing your Use Cases

   • Justifying the need for a new source

   • Consultation with key stakeholders

2. Identifying the Data Source(s)

   • Systems, devices or applications

   • Creating a plan

3. Installing an ArcSight Connector

   • Methods of installation

   • How to choose the right connector

4. Configuring the Connector Properties

   • Choosing the right settings

   • Configuring remote management

5. Defining Event Collection Policies

   • Event filtering, aggregation, transformation and more

6. Testing & Validating Connectors

   • Evaluating the output

   • Checking for unparsed events

7. Monitoring & Managing Connectors with ArcMC

Intended Audience

This course is designed for Security Professionals and SOC Administrators, who are responsible for deploying and administrating the ArcSight product suite within their environment.

Recommended Skills

• Familiarity working with command line tools

• Experience deploying applications in Windows and Linux environments

• Computer desktop, browser, and file system navigation skills

• Completion of TITAN-ARC-001: An Introduction to Protective Monitoring