ESM310-76 - ArcSight-ESM-Advanced Administrator with exam - Online Training - English - Webinar by Fast Lane Institute for Knowledge Transfer

Contents

Module 1: ESM Overview
  • Identify ESM Architecture
  • Describe the content of the ArcSight Event Schema
  • List the phases of the ArcSight Event Lifecycle
  • Describe the event processing and schema population performed during each phase of the event lifecycle
  • List the resources and tools applicable to specific phases of the event lifecycle
Module 2: Command Center
  • Access the ArcSight ESM Command Center
  • Monitor Usage Metrics
  • View System Metrics
  • Use the SOC/MITRE Dashboards
  • Access and use Active Lists
  • Utilize Field Sets
Module 3: ArcSight Console
  • Launch the ArcSight Console
  • Identify toolbar components and their functions
  • List the different views available in the Viewer panel
  • Identify three methods to access Console Help
  • Describe the Reference Resources and their characteristics
  • Identify ESM Console preference options
  • Customize your ESM Console
Module 4: Active Channels
  • Create a new Active Channel
  • View the details of an event
  • Identify Dynamic and Static Active Channels
Module 5: Filters
  • Describe Filter types and usage
  • Add, edit and save Filters to an Active Channel
  • Define the Common Conditions Editor
Module 6: Variable Customization
  • Describe functions available in Variables
  • Create both Local and Global Variables
  • Promote Local to Global Variables
  • Share Global Variables among multiple resources
Module 7: Data Monitors and Dashboards
  • Identify Data Monitor types and functions
  • Create a Data Monitor
  • Access and Use Dashboards
  • Modify Dashboard Data Monitor Layouts
Module 8: ESM Lists
  • Describe the differences between Active and Session Lists
  • Create and validate Active and Session List integration Rules
Module 9: ESM Rules
  • Create and validate the following:
    • Rule behavior
    • Brute Force Login Attempt and Successful rules
    • Light Weight rules and Pre-Persistent rules
Module 10: Query Viewers Authoring
  • Define Queries
  • Describe Query Viewers
  • Explain the advantages of using Query Viewers
  • Create the following functions with Query Viewers
    • Drilldowns
    • Baselines
    • Reports
    • Dashboard views
Module 11: ESM Reports
  • List the components in the Report Workflow
  • List the different types of Reports
  • Run a Report from the Navigator panel
  • View an Archive Report from the Navigator panel
  • Set up a scheduled Report job
  • Build a custom Report
  • Build a custom Trend Report
Module 12: Unified Event Search Tools
  • Describe how keyword, field-based and pipeline searches are performed
  • Describe how search results are displayed
  • Use the unified Search page to initiate any type of search
  • Use Search Helper and Search Builder features to save time constructing search expressions
  • Load, modify, and save search filters and saved searches
  • Enable peer ESM and Logger instances for searching

Learning Objectives

Upon successful completion of this course, you should be able to:

  • Navigate ArcSight ESM console and command center to correlate, investigate, analyze and remediate both exposed and obscure threats
  • Construct ArcSight variables to provide advanced analysis of the event stream
  • Develop ArcSight lists and rules to allow advanced correlation activities
  • Optimize event-based data monitors to provide real-time viewing of event traffic and anomalies
  • Design new report templates and create functional reports
  • Find events through the search tools.

Target Audience

This course is intended for analysts responsible for:

  • Defining their organization's security objectives
  • Building or using advanced content to correlate, view and respond to those security objectives.

Dates and Locations

Date Time Duration Price
Webinar
10.06.2024 - 14.06.2024 09:00 - 17:00 40 h More information >

SG seminar no.: 7036569

Event Information

  • Webinar
  • English
    • Certificate of participation
  • 40 h
