ESM200 - ArcSight ESM 7.5 Administrator and Analyst
Length 5 days
Price $5280 inc GST
Course overview
Why study this course
In this introductory course, learners use the ArcSight console and ArcSight Command Center to monitor security events, configure ESM, manage users, and manage ESM network intelligence resources.
You will also be introduced to triaging and resolving cases with SOAR.
The hands-on labs for this course use ESM version 7.5 and SOAR version 3.1.
What you’ll learn
Upon successful completion of this course, you should be able to:
Make ArcSight ESM operational upon initial installation
Describe how ESM works in the context of your network
Create user accounts
Implement built-in content
Populate ESM with your network and assets to identify endpoints involved in an event
Create site-specific business-oriented views
Investigate, identify, analyse, and remediate exposed security issues
Use workflow management to provide real-time incident response and escalation tracking
Modify and run standard reports to provide situational awareness and network status
Establish ESM peering across multiple ESM instances
Perform distributed event search and content management
Train Anywhere
From our state-of-the-art classrooms to telepresence to your offices, our instructor-led training caters to your needs.
Track Record
30 years driving innovative, award-winning learning solutions
More Courses, More Often
When you train with DDLS you get more courses, more often, in more locations and from more vendors.
Quality instructors and content
Expert instructors with real-world experience and the latest vendor-approved, in-depth course content.
Partner-Preferred Supplier
Chosen and awarded by the world’s leading vendors as preferred training partner.
Ahead of the technology curve
No matter your chosen technologies or platforms, we can help you stay one step ahead.
Who is the course for?
This course is intended for ESM System Administrators and Analysts.
Course subjects
Module 1: ESM Overview
Discuss what ArcSight ESM is and how it fits into a SOC
List the problems ESM can solve
Discuss basic processes to make an ESM installation successful
Describe the basic ArcSight components (10’ – 100,000’ view)
Identify basic user roles within an ArcSight Installation
Module 2: Command Center
Discuss an overview of what the Command Center is and what it lets you do
Describe how to use the Site Map
Describe how to monitor usage
Discuss how to configure Dashboards and the different Dashlets you can add
Describe how to use the Security Operations Center Dashboards
Explain how to configure and view MITRE Dashboards
Discuss how to monitor events with Active Channels
Discuss how to view and use Field Sets
Discuss how to view, export, and filter Active Lists
Module 3: ESM Console
Install the ArcSight ESM Console
Start the ArcSight ESM Console
Use the Console Panels and Features
Customise the ESM Console
Module 4: Connectors
Describe a connector
Describe normalisation
Describe a network model
Describe SmartConnectors
Deploy and configure SmartConnectors
Module 5: ArcSight Marketplace
Describe what the Marketplace is
Define Marketplace packages/use cases
Module 6: Schema, Fieldsets, and Active Channels
Describe the ArcSight Event Schema
Describe an Active Channel
Describe what a field set is
Describe the Event Life Cycle
Module 7: Filters
Describe Filters and Filter Types
Create and Modify Filters
Debug Filters
Module 8: Dashboards and Data Monitors
Identify Data Monitor types and functions
Access and Use Dashboards
Modify Dashboard Data Monitor Layouts
Module 9: Rules and Lists
Describe rules and rule types
Describe rule triggers and actions
Describe Active Lists and Session Lists
Create and validate rule behaviour
Create and validate Brute Force Login Attempt and Successful rules
Create and validate Active and Session List integration rules
Module 10: User Administration
From the ArcSight Console
Create, edit, rename, delete user groups
Create, edit, move, delete users
Manage resource permissions
From within your ESM installation, access and modify global user password properties
Module 11: Notifications
Describe the operation of ArcSight notifications
Configure ArcSight notifications
Module 12: Incident Response and Automation with SOAR
Understand SOAR
Triage cases with SOAR
Respond to Cases with Playbooks
Close a case
Module 13: Queries and Query Viewers
Explain Queries
Define Query Viewers
Explain the advantages of using Query Viewers
Create the following functions with Query Viewers: Drilldowns, Baselines, Reports, Dashboard views
Module 14: Reports
Define a report
Run, view, and save a report
Manage archived reports
Module 15: Content Management and Peering
Peer ESMs
Perform a search on a peer
Create a package and sync to a peer
Manually push a package
Verify successful distribution of a package
Module 16: Event Search
Describe how keyword, field-based and pipeline searches are performed
Describe how search results are displayed
Use the unified Search page to initiate any type of search
Use Search Helper and Search Builder features to save time constructing search expressions
Load, modify, and save search filters and saved searches
Enable peer ESM and Logger instances for searching
Prerequisites
To be successful in this course, you should have the following prerequisites or knowledge:
Working knowledge of enterprise security, event, and log management
Third Party Registration
DDLS offers certification and training through our partnership with Micro Focus. This arrangement requires DDLS to provide your details to Micro Focus for course and exam registration purposes.
Terms & Conditions
The supply of this course by DDLS is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.