Course: ESM320-76-CE
ArcSight ESM Advanced Analyst with Certified Expert Exam
Virtual Instructor Led Training
Authorised OpenText Trainer
Course Duration: 5 Days
Participants receive a certificate of course completion signed by OpenText.
The exam is administered on the last day of the instructor-led class and is a hands-on, performance-based exam. The VILT offering does not include a certification exam.
Course Description
This course provides the knowledge required to use advanced ArcSight ESM content to find and correlate event information, take actions such as notifying stakeholders, analyze event data graphically, and report on security incidents. You will build or reinforce your understanding of the advanced correlation capabilities in ArcSight ESM that give analysts a significant edge in detecting active attacks.
The course covers the ArcSight security problem-solving methodology, using advanced ESM content to find, track, and remediate security incidents. During the training you will work with variables and correlation activities, customize report templates for dynamic content, and customize dashboards to monitor incidents.
The last day of class offers a hands-on exam. Passing the exam awards you the Certified Expert badge.
Upon successful completion of this course, you should be able to:
Navigate the ArcSight ESM Console and Command Center to correlate, investigate, analyze, and remediate both exposed and obscure threats
Construct ArcSight variables to provide advanced analysis of the event stream
Develop ArcSight lists and rules to enable advanced correlation activities
Optimize event-based data monitors to provide real-time viewing of event traffic and anomalies
Design new report templates and create functional reports
Find events through the search tools
Modules
ESM Overview
Command Center
ArcSight Console
Active Channels
Filters
Variable Customisation
Data Monitor and Dashboards
ESM Lists
ESM Rules
Query Viewer Authoring
ESM Reports
Unified Event Search Tools
Intended Audience
This course is intended for analysts who:
Define their organisation’s security objectives
Build or use advanced content to correlate, view, and respond to events in support of those security objectives
Recommended Skills
To be successful in this course, you should have the following prerequisite knowledge and experience:
Common security devices such as IDS and firewalls
Common network device functions, such as routers, switches, and hubs
TCP/IP functions such as CIDR blocks, subnets, addressing, and communications
Basic Windows operating system tasks and functions
Possible attack activities, such as scans, man-in-the-middle, sniffing, and DoS, and possible abnormal activities, such as worms, Trojans, and viruses
SIEM terminology, such as threat, vulnerability, risk, asset, exposure, and safeguards
Completion of the ArcSight ESM Administrator and Analyst ATP course, or 6 months of experience administering ArcSight ESM