{"course":{"productid":35143,"modality":6,"active":true,"language":"fr","title":"ArcSight ESM Administrator and Analyst","productcode":"ASEAAA","vendorcode":"MF","vendorname":"OpenText","fullproductcode":"MF-ASEAAA","courseware":{"has_ekit":false,"has_printkit":true,"language":""},"url":"https:\/\/portal.flane.ch\/course\/opentext-aseaaa","objective":"<p>On completion of this course, participants should be able to:\n<\/p>\n<ul>\n<li>Make ArcSight ESM operational upon initial installation<\/li><li>Describe how ESM works in the context of your network<\/li><li>Create user accounts<\/li><li>Implement built-in content<\/li><li>Populate ESM with your network and assets to identify endpoints involved in an event<\/li><li>Create site-specific business-oriented views<\/li><li>Investigate, identify, analyze, and remediate exposed security issues<\/li><li>Use workflow management to provide real-time incident response and escalation tracking<\/li><li>Modify and run standard reports to provide situational awareness and network status<\/li><li>Establish ESM peering across multiple ESM instances<\/li><li>Perform distributed event search and content management<\/li><\/ul>","essentials":"<p>None<\/p>","audience":"<p>Analysts, Content Engineers, Business Administrators<\/p>","contents":"<p><strong>Module 1: ESM Overview<\/strong><\/p>\n<ul>\n<li>Discuss what ArcSight ESM is and how it fits into a SOC<\/li><li>List the problems ESM can solve<\/li><li>Discuss basic processes to make an ESM installation successful<\/li><li>Describe the basic ArcSight components (10&#039; - 100,000&#039; view)<\/li><li>Identify basic user roles within an ArcSight Installation<\/li><\/ul><p><strong>Module 2: Command Center<\/strong><\/p>\n<ul>\n<li>Discuss an overview of the Command Center<\/li><li>Describe how to use the Site Map<\/li><li>Describe how to monitor usage<\/li><li>Discuss how to configure Dashboards and the different Dashlets you can add<\/li><li>Describe how to use the Security Operations 
Center Dashboards<\/li><li>Explain how to configure and view MITRE Dashboards<\/li><li>Discuss how to monitor events with Active Channels<\/li><li>Discuss how to view and use Field Sets<\/li><li>Discuss how to view, export, and filter Active Lists<\/li><\/ul><p><strong>Module 3: ESM Console<\/strong><\/p>\n<ul>\n<li>Install the ArcSight ESM Console<\/li><li>Start the ArcSight ESM Console<\/li><li>Use the Console Panels and Features<\/li><li>Customize the ESM console<\/li><\/ul><p><strong>Module 4: Installing and Configuring ArcSight Connectors<\/strong><\/p>\n<ul>\n<li>Describe a connector<\/li><li>Describe normalization<\/li><li>Describe a network model<\/li><li>Describe SmartConnectors<\/li><li>Deploy and configure SmartConnectors<\/li><\/ul><p><strong>Module 5: ArcSight Marketplace<\/strong><\/p>\n<ul>\n<li>Describe what the Marketplace is<\/li><li>Define Marketplace packages\/use cases<\/li><\/ul><p><strong>Module 6: Schema, Fieldsets, and Active Channels<\/strong><\/p>\n<ul>\n<li>Describe the ArcSight Event Schema<\/li><li>Describe an Active Channel<\/li><li>Describe what a field set is<\/li><li>Describe the Event Life Cycle<\/li><\/ul><p><strong>Module 7: Filters<\/strong><\/p>\n<ul>\n<li>Describe Filters and Filter Types<\/li><li>Create and Modify Filters<\/li><li>Debug Filters<\/li><\/ul><p><strong>Module 8: Dashboards &amp; Data Monitors<\/strong><\/p>\n<ul>\n<li>Identify Data Monitor types and functions<\/li><li>Access and Use Dashboards<\/li><li>Modify Dashboard Data Monitor Layouts<\/li><\/ul><p><strong>Module 9: Rules &amp; Lists<\/strong><\/p>\n<ul>\n<li>Describe rules and rule types<\/li><li>Describe rule triggers and actions<\/li><li>Describe Active Lists and Session Lists<\/li><li>Create and validate rule behavior<\/li><li>Create and validate Brute Force Login Attempt and Successful rules<\/li><li>Create and validate Active and Session List integration rules<\/li><\/ul><p><strong>Module 10: User Administration<\/strong><\/p>\n<ul>\n<li>Create, 
edit, rename, delete user groups<\/li><li>Create, edit, move, delete users<\/li><li>Manage resource permissions<\/li><li>Access and modify global user password properties<\/li><\/ul><p><strong>Module 11: Notifications<\/strong><\/p>\n<ul>\n<li>Describe the operation of ArcSight notifications<\/li><li>Configure ArcSight notifications<\/li><\/ul><p><strong>Module 12: Incident Response and Automation with SOAR<\/strong><\/p>\n<ul>\n<li>Understand SOAR<\/li><li>Triage cases with SOAR<\/li><li>Respond to Cases with Playbooks<\/li><li>Close a case<\/li><\/ul><p><strong>Module 13: Queries and Query Viewers<\/strong><\/p>\n<ul>\n<li>Explain Queries<\/li><li>Define Query Viewers<\/li><li>Explain the advantages of using Query Viewers<\/li><li>Create the following functions with Query Viewers: Drilldowns, Baselines, Reports, Dashboard views<\/li><\/ul><p><strong>Module 14: Reports<\/strong><\/p>\n<ul>\n<li>Define a report<\/li><li>Run, view, and save a report<\/li><li>Manage archived reports<\/li><\/ul><p><strong>Module 15: Content Management and Peering<\/strong><\/p>\n<ul>\n<li>Peer ESMs<\/li><li>Perform a search on a peer<\/li><li>Create a package and sync to a peer<\/li><li>Manually push a package<\/li><li>Verify successful distribution of a package<\/li><\/ul><p><strong>Module 16: Event Search<\/strong><\/p>\n<ul>\n<li>Describe how keyword, field-based and pipeline searches are performed<\/li><li>Describe how search results are displayed<\/li><li>Use the unified Search page to initiate any type of search<\/li><li>Use Search Helper and Search Builder features to save time constructing search expressions<\/li><li>Load, modify, and save search filters and saved searches<\/li><li>Enable peer ESM and Logger instances for searching<\/li><\/ul>","summary":"<p>In this introductory course you learn how to use the ArcSight console and ArcSight Command Center to monitor security events, configure ESM, manage users, and manage ESM network intelligence resources. 
You will also be introduced to triaging and resolving cases with ArcSight SOAR.<\/p>\n<p><strong>Highlights:<\/strong>\n<\/p>\n<ul>\n<li>Investigate security events<\/li><li>Configure security content<\/li><\/ul>","objective_plain":"On completion of this course, participants should be able to:\n\n\n\n- Make ArcSight ESM operational upon initial installation\n- Describe how ESM works in the context of your network\n- Create user accounts\n- Implement built-in content\n- Populate ESM with your network and assets to identify endpoints involved in an event\n- Create site-specific business-oriented views\n- Investigate, identify, analyze, and remediate exposed security issues\n- Use workflow management to provide real-time incident response and escalation tracking\n- Modify and run standard reports to provide situational awareness and network status\n- Establish ESM peering across multiple ESM instances\n- Perform distributed event search and content management","essentials_plain":"None","audience_plain":"Analysts, Content Engineers, Business Administrators","contents_plain":"Module 1: ESM Overview\n\n\n- Discuss what ArcSight ESM is and how it fits into a SOC\n- List the problems ESM can solve\n- Discuss basic processes to make an ESM installation successful\n- Describe the basic ArcSight components (10' - 100,000' view)\n- Identify basic user roles within an ArcSight Installation\nModule 2: Command Center\n\n\n- Discuss an overview of the Command Center\n- Describe how to use the Site Map\n- Describe how to monitor usage\n- Discuss how to configure Dashboards and the different Dashlets you can add\n- Describe how to use the Security Operations Center Dashboards\n- Explain how to configure and view MITRE Dashboards\n- Discuss how to monitor events with Active Channels\n- Discuss how to view and use Field Sets\n- Discuss how to view, export, and filter Active Lists\nModule 3: ESM Console\n\n\n- Install the ArcSight ESM Console\n- Start the ArcSight ESM Console\n- Use 
the Console Panels and Features\n- Customize the ESM console\nModule 4: Installing and Configuring ArcSight Connectors\n\n\n- Describe a connector\n- Describe normalization\n- Describe a network model\n- Describe SmartConnectors\n- Deploy and configure SmartConnectors\nModule 5: ArcSight Marketplace\n\n\n- Describe what the Marketplace is\n- Define Marketplace packages\/use cases\nModule 6: Schema, Fieldsets, and Active Channels\n\n\n- Describe the ArcSight Event Schema\n- Describe an Active Channel\n- Describe what a field set is\n- Describe the Event Life Cycle\nModule 7: Filters\n\n\n- Describe Filters and Filter Types\n- Create and Modify Filters\n- Debug Filters\nModule 8: Dashboards & Data Monitors\n\n\n- Identify Data Monitor types and functions\n- Access and Use Dashboards\n- Modify Dashboard Data Monitor Layouts\nModule 9: Rules & Lists\n\n\n- Describe rules and rule types\n- Describe rule triggers and actions\n- Describe Active Lists and Session Lists\n- Create and validate rule behavior\n- Create and validate Brute Force Login Attempt and Successful rules\n- Create and validate Active and Session List integration rules\nModule 10: User Administration\n\n\n- Create, edit, rename, delete user groups\n- Create, edit, move, delete users\n- Manage resource permissions\n- Access and modify global user password properties\nModule 11: Notifications\n\n\n- Describe the operation of ArcSight notifications\n- Configure ArcSight notifications\nModule 12: Incident Response and Automation with SOAR\n\n\n- Understand SOAR\n- Triage cases with SOAR\n- Respond to Cases with Playbooks\n- Close a case\nModule 13: Queries and Query Viewers\n\n\n- Explain Queries\n- Define Query Viewers\n- Explain the advantages of using Query Viewers\n- Create the following functions with Query Viewers: Drilldowns, Baselines, Reports, Dashboard views\nModule 14: Reports\n\n\n- Define a report\n- Run, view, and save a report\n- Manage archived reports\nModule 15: Content Management and 
Peering\n\n\n- Peer ESMs\n- Perform a search on a peer\n- Create a package and sync to a peer\n- Manually push a package\n- Verify successful distribution of a package\nModule 16: Event Search\n\n\n- Describe how keyword, field-based and pipeline searches are performed\n- Describe how search results are displayed\n- Use the unified Search page to initiate any type of search\n- Use Search Helper and Search Builder features to save time constructing search expressions\n- Load, modify, and save search filters and saved searches\n- Enable peer ESM and Logger instances for searching","summary_plain":"In this introductory course you learn how to use the ArcSight console and ArcSight Command Center to monitor security events, configure ESM, manage users, and manage ESM network intelligence resources. You will also be introduced to triaging and resolving cases with ArcSight SOAR.\n\nHighlights:\n\n\n\n- Investigate security events\n- Configure security content","skill_level":"Beginner","version":"24.1","duration":{"unit":"d","value":5,"formatted":"5 jours"},"pricelist":{"List Price":{"DE":{"country":"DE","currency":"EUR","taxrate":19,"price":4000}}},"lastchanged":"2025-07-29T12:18:36+02:00","parenturl":"https:\/\/portal.flane.ch\/swisscom\/fr\/json-courses","nexturl_course_schedule":"https:\/\/portal.flane.ch\/swisscom\/fr\/json-course-schedule\/35143","source_lang":"fr","source":"https:\/\/portal.flane.ch\/swisscom\/fr\/json-course\/opentext-aseaaa"}}