ArcSight Enterprise Security Manager Administration

ArcSight Enterprise Security Manager AdministrationAESMAMFOpenTextMF-AESMA24.1<p>On completion of this course, participants should be able to:</p> <ul> <li>Identify the ESM communication strategy used between the various devices and components within an ESM Network</li><li>Define each ESM operation modes and components, Compact and Distributed, and the issues ESM Distributed Mode comes to solve</li><li>Plan, install, and run ESM in Distributed Mode</li><li>Identify functions and navigate the Command Center UI</li><li>Install and customize the ESM console</li><li>Install and configure ArcSight SmartConnectors</li><li>Install and configure a Forwarding Connector</li><li>Setup Notifications</li><li>Import Zone and Asset information with the Network Model wizard</li><li>Customize ArcSight ESM using the properties files</li><li>Describe and install ArcSight upgrades and patches</li><li>Create Users and define User Permissions</li><li>Review Administrator Reports, Dashboards and Filters</li><li>Configure and manage storage groups</li><li>Describe CORRE daily job archives</li><li>Recognize how to Back up and restore ESM</li><li>Describe and deploy uses of SSL technology in ArcSight ESM</li></ul><p>To be successful in this course, you should have the following prerequisites or knowledge:</p> <ul> <li>Knowledge of ESM Concepts</li><li>(Minimum) 6 Months ArcSight Administration Experience</li><li>Database SQL statements experience</li><li>Linux Administration experience</li><li>Successful Completion of ArcSight ESM Administrator & Analyst Course or Equivalent Experience</li></ul><p>This course is for Administrators who install, maintain, and troubleshoot ESM components</p> <ul> <li>Design and implement integrations between ArcSight ESM and other ArcSight products</li><li>Proactively investigate the health of the ESM CORRE environment.</li></ul><ul> <li>Introduction to ESM Administration</li><li>ESM Distributed Components</li><li>Installing ESM Distributed Mode</li><li>Maintaining ESM Properties Files and Upgrades</li><li>Installing the ESM Console</li><li>Installing SmartConnectors</li><li>Managing the Network Model</li><li>Configuring SmartConnector Destinations</li><li>Installing the ESM Super and Syslog Connectors</li><li>SmartConnectors Configurations and Advanced Features</li><li>Command Center</li><li>Accessing Administrator Content</li><li>Content Management and Peering</li><li>ESM User Administration and Notification</li><li>ESM Certification Management</li><li>ESM Backup and Restore</li></ul><h5>Module 1: Introduction to ESM Administration</h5><ul> <li>Describe each ESM system component</li></ul><h5>Module 2: ESM Distributed Components</h5><ul> <li>Recognize where ESM fits within the ArcSight Architecture</li><li>Define each ESM operation modes, Compact and Distributed, and the issues ESM Distributed Mode comes to solve</li><li>Describe the ESM Distributed Mode components</li><li>Recognize the ArcSight Data Platform (ADP) and its components</li></ul><h5>Module 3: Installing ESM Distributed Mode</h5><ul> <li>Plan System Hardware Requirements</li><li>Check Operating System Pre-Installation</li><li>Install ESM Persistor Node</li><li>Install ESM Correlator Aggregator Node</li><li>Configure Integration of the Persistor Node</li><li>Add Correlator Aggregator Services</li><li>Configure Message Bus Data and Control Instances from Persistor</li><li>Configure Repository Instances from Persistor</li><li>Configure Distributed Cache on Correlator Aggregators</li><li>Run Cert Admin Approveall</li><li>Start All Cluster Wide Services from Persistor Node</li></ul><h5>Module 4: Maintaining ESM Properties Files and Upgrades</h5><ul> <li>Customize ArcSight ESM using Properties File</li><li>Prepare System for an Upgrade</li><li>Upgrade ESM</li><li>Upgrade the ESM Console</li></ul><h5>Module 5: Installing the ESM Console</h5><ul> <li>Install the ESM Console</li><li>Customize the ESM Console</li><li>Describe Tools available in the ESM Console</li></ul><h5>Module 6: Installing SmartConnectors</h5><ul> <li>Describe how Connectors collect, normalize, and cache events</li><li>Install and configure ArcSight SmartConnectors</li><li>Identify Connector Command Scripts</li><li>Describe how Connectors can be managed from an ESM Console, a Connector Appliance, or ArcSight Management Center</li></ul><h5>Module 7: Managing the Network Model</h5><ul> <li>List Network Model resources</li><li>Describe Asset Model resources</li><li>Add the following modelling resources:</li><li>Assets</li><li>Asset Ranges</li><li>Zones</li><li>Network and attach it to a connector</li><li>Import Zone and Asset information with the Network Model wizard</li><li>Explain the use of the Asset Import Connector</li></ul><h5>Module 8: Configuring SmartConnector Destinations</h5><ul> <li>Get SmartConnector Status</li><li>Set SmartConnector Flow-Control</li><li>Use SmartConnector Administrative Dashboards</li><li>Configure SmartConnectors for Failover and Dual Destinations</li></ul><h5>Module 9: Installing the ESM Super and Syslog Connectors</h5><ul> <li>Installing and configure a Forwarding Connector</li><li>Installing and configure a Syslog connector</li></ul><h5>Module 10: SmartConnectors Configurations and Advanced Features</h5><ul> <li>Configuring SmartConnectors using advanced features such as turbo mode, map files, event filtering, network options and event aggregation</li><li>Constructing advanced configuration settings for optimal performance and data enrichment</li></ul><h5>Module 11: Command Center</h5><ul> <li>Logging onto the ArcSight Command Center</li><li>Identifying functions and navigate the User Interface</li><li>Using the ArcSight Command Center Help Facility</li><li>Configure:</li><li>Authentication</li><li>Content</li><li>Storage</li><li>Appliances</li><li>Identifying stock content dashboards</li></ul><h5>Module 12: Accessing Administrator Content</h5><ul> <li>Reviewing Administrator Reports, Dashboards and Filters</li><li>Running and Archiving Reports</li><li>Using Administrator Data Monitors</li></ul><h5>Module 13: Content Management and Peering</h5><ul> <li>Peering ESMS</li><li>Performing Peer Searches</li><li>Creating Packages and Pushing content to a Peer</li></ul><h5>Module 14: ESM User Administration and Notification</h5><ul> <li>Creating Users and setting User Notifications</li><li>Managing Resource Permissions</li><li>Accessing and Modifying Password Properties</li><li>Configuring ArcSight Notifications</li></ul><h5>Module 15: ESM Certification Management</h5><ul> <li>Describing uses of SSL technology in ArcSight ESM</li><li>Describing SSL setup options</li><li>Keytool/keytoolgui</li><li>Certadmin</li><li>Identifying the steps to deploy:</li><li>Self-signed Certificates</li><li>Approve/revoke distributed mode Certificates</li><li>CA (Certificate Authority)-signed Certificates</li></ul><h5>Module 16: ESM Backup and Restore</h5><ul> <li>Restoring the ESM Manager’s configurations</li><li>Backing up and restoring ESM</li><li>Describing CORR-E Daily Job Archiving</li></ul>On completion of this course, participants should be able to: - Identify the ESM communication strategy used between the various devices and components within an ESM Network - Define each ESM operation modes and components, Compact and Distributed, and the issues ESM Distributed Mode comes to solve - Plan, install, and run ESM in Distributed Mode - Identify functions and navigate the Command Center UI - Install and customize the ESM console - Install and configure ArcSight SmartConnectors - Install and configure a Forwarding Connector - Setup Notifications - Import Zone and Asset information with the Network Model wizard - Customize ArcSight ESM using the properties files - Describe and install ArcSight upgrades and patches - Create Users and define User Permissions - Review Administrator Reports, Dashboards and Filters - Configure and manage storage groups - Describe CORRE daily job archives - Recognize how to Back up and restore ESM - Describe and deploy uses of SSL technology in ArcSight ESMTo be successful in this course, you should have the following prerequisites or knowledge: - Knowledge of ESM Concepts - (Minimum) 6 Months ArcSight Administration Experience - Database SQL statements experience - Linux Administration experience - Successful Completion of ArcSight ESM Administrator & Analyst Course or Equivalent ExperienceThis course is for Administrators who install, maintain, and troubleshoot ESM components - Design and implement integrations between ArcSight ESM and other ArcSight products - Proactively investigate the health of the ESM CORRE environment.- Introduction to ESM Administration - ESM Distributed Components - Installing ESM Distributed Mode - Maintaining ESM Properties Files and Upgrades - Installing the ESM Console - Installing SmartConnectors - Managing the Network Model - Configuring SmartConnector Destinations - Installing the ESM Super and Syslog Connectors - SmartConnectors Configurations and Advanced Features - Command Center - Accessing Administrator Content - Content Management and Peering - ESM User Administration and Notification - ESM Certification Management - ESM Backup and RestoreModule 1: Introduction to ESM Administration - Describe each ESM system component Module 2: ESM Distributed Components - Recognize where ESM fits within the ArcSight Architecture - Define each ESM operation modes, Compact and Distributed, and the issues ESM Distributed Mode comes to solve - Describe the ESM Distributed Mode components - Recognize the ArcSight Data Platform (ADP) and its components Module 3: Installing ESM Distributed Mode - Plan System Hardware Requirements - Check Operating System Pre-Installation - Install ESM Persistor Node - Install ESM Correlator Aggregator Node - Configure Integration of the Persistor Node - Add Correlator Aggregator Services - Configure Message Bus Data and Control Instances from Persistor - Configure Repository Instances from Persistor - Configure Distributed Cache on Correlator Aggregators - Run Cert Admin Approveall - Start All Cluster Wide Services from Persistor Node Module 4: Maintaining ESM Properties Files and Upgrades - Customize ArcSight ESM using Properties File - Prepare System for an Upgrade - Upgrade ESM - Upgrade the ESM Console Module 5: Installing the ESM Console - Install the ESM Console - Customize the ESM Console - Describe Tools available in the ESM Console Module 6: Installing SmartConnectors - Describe how Connectors collect, normalize, and cache events - Install and configure ArcSight SmartConnectors - Identify Connector Command Scripts - Describe how Connectors can be managed from an ESM Console, a Connector Appliance, or ArcSight Management Center Module 7: Managing the Network Model - List Network Model resources - Describe Asset Model resources - Add the following modelling resources: - Assets - Asset Ranges - Zones - Network and attach it to a connector - Import Zone and Asset information with the Network Model wizard - Explain the use of the Asset Import Connector Module 8: Configuring SmartConnector Destinations - Get SmartConnector Status - Set SmartConnector Flow-Control - Use SmartConnector Administrative Dashboards - Configure SmartConnectors for Failover and Dual Destinations Module 9: Installing the ESM Super and Syslog Connectors - Installing and configure a Forwarding Connector - Installing and configure a Syslog connector Module 10: SmartConnectors Configurations and Advanced Features - Configuring SmartConnectors using advanced features such as turbo mode, map files, event filtering, network options and event aggregation - Constructing advanced configuration settings for optimal performance and data enrichment Module 11: Command Center - Logging onto the ArcSight Command Center - Identifying functions and navigate the User Interface - Using the ArcSight Command Center Help Facility - Configure: - Authentication - Content - Storage - Appliances - Identifying stock content dashboards Module 12: Accessing Administrator Content - Reviewing Administrator Reports, Dashboards and Filters - Running and Archiving Reports - Using Administrator Data Monitors Module 13: Content Management and Peering - Peering ESMS - Performing Peer Searches - Creating Packages and Pushing content to a Peer Module 14: ESM User Administration and Notification - Creating Users and setting User Notifications - Managing Resource Permissions - Accessing and Modifying Password Properties - Configuring ArcSight Notifications Module 15: ESM Certification Management - Describing uses of SSL technology in ArcSight ESM - Describing SSL setup options - Keytool/keytoolgui - Certadmin - Identifying the steps to deploy: - Self-signed Certificates - Approve/revoke distributed mode Certificates - CA (Certificate Authority)-signed Certificates Module 16: ESM Backup and Restore - Restoring the ESM Manager’s configurations - Backing up and restoring ESM - Describing CORR-E Daily Job Archiving5 Tage4000.00