Last updated 8/2023
Duration: 13h 49m | Video: .MP4, 1920×1080 30 fps | Audio: AAC, 44.1kHz, 2ch | Size: 10.5 GB
Genre: eLearning | Language: English
Get hands-on experience with Logger & ESM, the main ArcSight components
What you’ll learn
ArcSight Logger and ESM Hands-On
SIEM platform that unifies data collection and log management
A Log Management Solution
Ingesting Windows Security Events
Building dashboards
ESM Anatomy
SmartConnectors
ArcSight Manager & CORR-Engine Storage
User Interfaces & Use Cases
Interactive Discovery & Pattern Discovery
ESM on an Appliance & Logger & ArcSight Solutions
Life Cycle of an Event Through ESM
Data Collection and Event Processing – Collect & Normalize Event Data
Data Collection and Event Processing – Apply Event Categories
Data Collection and Event Processing – Look up Customer and Zone in Network Model
Data Collection and Event Processing – Filter and Aggregate Events & Managing SmartConnector Configurations
Priority Evaluation and Network Model Lookup
Workflow
Correlation Evaluation – Correlation Overview & Filters & Rules
Correlation Evaluation – How Rules are Evaluated & How Rules Use Active & Session Lists
Correlation Evaluation – Data Monitors
Correlation Evaluation – How Correlation Uses Local and Global Variables & Velocity Templates
Correlation Evaluation – Event Types
ESM Administration
ArcSight Theory
Import packages from ArcSight marketplace
Sysmon
Brute Force
Requirements
Basic Unix/Linux skills
Description
Micro Focus ArcSight Data Platform is a SIEM platform that unifies data collection and log management of machine data for security intelligence. Micro Focus ArcSight Logger is a component of Micro Focus ArcSight Data Platform. In this course you will learn how to perform a successful ArcSight Software Logger installation from scratch, ingest replay events, and create nice dashboards.
((Announcement))
Significant expansion to the course curriculum on 23rd of August 2023
Renamed the course from “Micro Focus ArcSight Logger Hands-On” to “ArcSight Logger & ESM Hands-On” and added the 5 extra sections below
1) ESM Installation
2) ESM Console Demystified
3) ESM Hands-On
4) ESM Administration
5) ArcSight Theory
The above 5 sections will cover the following lessons
Import Brute Force package from ArcSight marketplace
Import Sysmon package from ArcSight marketplace
What is SIEM
ArcSight SIEM
ESM Enables Situational Awareness
ESM Anatomy
SmartConnectors
ArcSight Manager & CORR-Engine Storage
User Interfaces & Use Cases
Interactive Discovery & Pattern Discovery
ESM on an Appliance & Logger & ArcSight Solutions
Life Cycle of an Event Through ESM
Data Collection and Event Processing – Collect & Normalize Event Data
Data Collection and Event Processing – Apply Event Categories
Data Collection and Event Processing – Look up Customer and Zone in Network Model
Data Collection and Event Processing – Filter and Aggregate Events & Managing SmartConnector Configurations
Priority Evaluation and Network Model Lookup
Workflow
Correlation Evaluation – Correlation Overview & Filters & Rules
Correlation Evaluation – How Rules are Evaluated & How Rules Use Active & Session Lists
Correlation Evaluation – Data Monitors
Correlation Evaluation – How Correlation Uses Local and Global Variables & Velocity Templates
Correlation Evaluation – Event Types
Fixing Time of Log Source
Forgotten ESM Account Password and Disabled Account
Who this course is for
Security Administrator, Analyst, Consultant, SOC, Architect
Homepage
https://www.udemy.com/course/micro-focus-arcsight-logger-hands-on