Description
Do you want to enter the SIEM field?
Do you want to learn one of the leaders SIEM technologies?
Do you want to understand the concepts and gain the hands-on on Micro Focus ArcSight SIEM?
Then this course is designed for you.
Through baby steps you will learn Micro Focus ArcSight SIEM
New section added for ArcSight Logger that includes
- Microfocus ArcSight Logger Installation (4 lectures)
- Microfocus ArcSight Logger GUI Demystified
- Ingesting Data in Logger and create Dashboards (2 lectures)
The course covers the following lessons:
- Import Brute Force package from ArcSight marketplace
- Import Sysmon package from ArcSight marketplace
- What is SIEM
- ArcSight SIEM
- ESM Enables Situational Awareness
- ESM Anatomy
- SmartConnectors
- ArcSight Manager & CORR-EngineStorage
- User Interfaces & Use Cases
- Interactive Discovery & Pattern Discovery
- ESM on an Appliance & Logger & ArcSight Solutions
- Life Cycle of an Event Through ESM
- Data Collection and Event Processing – Collect & Normalize Event Data
- Data Collection and Event Processing – Apply Event Categories
- Data Collection and Event Processing – Look up Customer and Zone in Network Model
- Data Collection and Event Processing – Filter and Aggregate Events & Managing SmartConnector Configurations
- Priority Evaluation and Network Model Lookup
- Workflow
- Correlation Evaluation – Correlation Overview & Filters & Rules
- Correlation Evaluation – How Rules are Evaluated & How Rules Use Active & Session Lists
- Correlation Evaluation – Data Monitors
- Correlation Evaluation – How Correlation Uses Local and Global Variables & Velocity Templates
- Correlation Evaluation – Event Types
- Fixing Time of Log Source
- Forgotten ESM Account Password and Disabled Account