Course: ESM200I-76

ArcSight ESM Administrator & Analyst

Virtual Instructor Led Training

Authorised OpenText Trainer

Course Duration: 5 Days

Participants receive a course-completion certificate signed by OpenText. This course prepares participants for the ESM200 - ArcSight ESM Administrator and Analyst ASP Exam.

The exam is administered on the last day of the instructor-led class and is a hands-on, performance-based exam. The VILT offering does not include a certification exam.

Course Description

In this introductory course, you learn how to use the ArcSight console and ArcSight Command Center to monitor security events, configure ESM, manage users, and manage ESM network intelligence resources. You will also be introduced to triaging and resolving cases with SOAR.

Highlights:

  • Investigate security events

  • Configure security content

Upon successful completion of this course, you should be able to:

  • Make ArcSight ESM operational upon initial installation

  • Describe how ESM works in the context of your network

  • Create user accounts

  • Implement built-in content

  • Populate ESM with your network and assets to identify endpoints involved in an event

  • Create site-specific business-oriented views

  • Investigate, identify, analyze, and remediate exposed security issues

  • Use workflow management to provide real-time incident response and escalation tracking

  • Modify and run standard reports to provide situational awareness and network status

  • Establish ESM peering across multiple ESM instances

  • Perform distributed event search and content management

Modules

  1. ESM Overview

  2. Command Center

  3. ESM Console

  4. Installing and Configuring ArcSight Connectors

  5. ArcSight Marketplace

  6. Schema, Fieldsets, & Active Channels

  7. Filters

  8. Dashboards & Data Monitors

  9. Rules & Lists

  10. User Administration

  11. Notifications

  12. Incident Response and Automation with SOAR

  13. Queries & Query Viewers

  14. Reports

  15. Content Management & Peering

  16. Event Search

Intended Audience

This course is intended for ESM System Administrators and Analysts.

Recommended Skills

Working knowledge of enterprise security, event and log management