Installing and Configuring ArcSight Platform

Installing and Configuring ArcSight PlatformARC4300IMFOpenTextMF-ARC4300I23.2<p>On completion of this course, participants should be able to:</p> <ul> <li>Describe the ArcSight Platform and its Architecture</li><li>Describe the system requirements</li><li>Install ArcSight Platform</li><li>Verify a successful installation</li><li>Configure ArcSight Platform to ingest events</li><li>Configure collectors and CTH with ArcMC</li><li>Configure Topics and Routes</li><li>Configure ESM and SOAR Integration</li><li>Manage ArcSight Users</li><li>Enable Single Sign-On</li><li>Add features to an existing ArcSight installation</li></ul><p>To be successful in this course, you should have the following prerequisites or knowledge:</p> <ul> <li>ESM200 - ESM Administrator and Analyst or comparable ArcSight experience</li><li>Experience working with command line tools</li><li>Experience deploying applications in Windows and Linux environments</li><li>Computer desktop, browser, and file system navigation skills</li><li>Two Monitors to make it easy to review the guides on one screen, and the lab on the second screen</li></ul><p>This course is designed for Security Professionals and SOC Administrators, who are responsible for deploying and administrating the ArcSight Platform within their environment.</p><ul> <li>Architecture</li><li>System Requirements</li><li>YAML Files</li><li>Installing ArcSight Platform</li><li>Post-Install Activities</li><li>Transformation Hub Management from Fusion ArcMC</li><li>Producing Events and Transformation Hub Ingestion</li><li>Collectors and CTH Deployment from ArcMC</li><li>Topic and Route Management</li><li>Integrating ESM and SOAR</li><li>Enabling Single Sign-On</li><li>Managing Users in ArcSight</li><li>Adding More ArcSight Capabilities</li></ul><h5>Module 1: Architecture</h5><ul> <li>Describing the ArcSight Platform and its Architecture</li><li>Describing the underlying CDF infrastructure</li><li>Identifying the ArcSight Platform Capabilities</li><li>Explaining other related components to the Platform</li><li>Considerations and Best Practices</li></ul><h5>Module 2: System Requirements</h5><ul> <li>Describing the following: <ul> <li>System Requirements</li><li>Host Requirements</li><li>DNS requirements</li><li>NFS Requirements</li><li>ArcSight Database</li></ul></li></ul><h5>Module 3: YAML Files</h5><ul> <li>Configuring the ArcSight Platform YAML Files</li></ul><h5>Module 4: Installing ArcSight Platform</h5><ul> <li>Pre-installing ArcSight</li><li>Installing ArcSight</li></ul><h5>Module 5: Post-Install Activities</h5><ul> <li>Checking the status of the ArcSight Platform Installation</li><li>Accessing and exploring the ITOM Management Portal</li><li>Running the post-install command to finalize the deployment</li><li>Uploading License Files under the ITOM Management Portal</li><li>Logging into Fusion for the First Time</li></ul><h5>Module 6: Transformation Hub Management from Fusion ArcMC</h5><ul> <li>Validating a successful integration between Transformation Hub and the new containerized ArcMC available in Fusion</li><li>Retrieving the master root certificate</li></ul><h5>Module 7: Producing Events and Transformation Hub Ingestion</h5><ul> <li>Recognizing and describing how events are produced</li><li>Describing event formats: classic (CEF) and AVRO</li><li>Installing a CEF Producer and AVRO Producer of events</li><li>Detailed walkthrough of the configuration steps and all parameters</li><li>Sending Test Alerts Replay Events to Transformation Hub</li><li>Validating Topics and Transformation Hub Ingestion</li></ul><h5>Module 8: Collectors and CTH Deployment from ArcMC</h5><ul> <li>Defining the difference between a Collector and Connector</li><li>Listing the advantages of using Collectors</li><li>Describing what’s needed to perform a Collector Deployment using ArcMC</li><li>Deploying CTH from ArcMC and route events from th-syslog to other topics</li></ul><h5>Module 9: Topic and Route Management</h5><ul> <li>Managing Topic and Routes</li><li>Local vs Global Event Enrichment</li><li>Types of Stream Processor Instances in Transformation Hub</li><li>Configuring Topics and Routes – Step by Step Example for Global Event Enrichment</li></ul><h5>Module 10: Integrating ESM and SOAR</h5><ul> <li>Configuring the ESM and SOAR Integration</li><li>Verifying a Successful Integration</li></ul><h5>Module 11: Enabling Single Sign-On</h5><ul> <li>Configuring the ESM Admin User for Single Sign-on</li><li>Enabling Single Sign-on</li></ul><h5>Module 12: Managing Users in ArcSight</h5><ul> <li>Managing ArcSight Users Overview</li><li>Managing ESM Users</li><li>Managing Fusion Users</li><li>Managing SOAR Users</li><li>Defining Recon User Permissions and Roles</li><li>Defining Intelligence User Permissions and Roles</li></ul><h5>Module 13: Adding More ArcSight Capabilities</h5><ul> <li>Describing the benefits of adding more ArcSight capabilities</li><li>Adding more ArcSight capabilities</li><li>Specify mandatory filtering on pre-defined fields or user-specified fields</li><li>Create lookup values for field attributes</li><li>Create and use parameters and parameter groups</li></ul>On completion of this course, participants should be able to: - Describe the ArcSight Platform and its Architecture - Describe the system requirements - Install ArcSight Platform - Verify a successful installation - Configure ArcSight Platform to ingest events - Configure collectors and CTH with ArcMC - Configure Topics and Routes - Configure ESM and SOAR Integration - Manage ArcSight Users - Enable Single Sign-On - Add features to an existing ArcSight installationTo be successful in this course, you should have the following prerequisites or knowledge: - ESM200 - ESM Administrator and Analyst or comparable ArcSight experience - Experience working with command line tools - Experience deploying applications in Windows and Linux environments - Computer desktop, browser, and file system navigation skills - Two Monitors to make it easy to review the guides on one screen, and the lab on the second screenThis course is designed for Security Professionals and SOC Administrators, who are responsible for deploying and administrating the ArcSight Platform within their environment.- Architecture - System Requirements - YAML Files - Installing ArcSight Platform - Post-Install Activities - Transformation Hub Management from Fusion ArcMC - Producing Events and Transformation Hub Ingestion - Collectors and CTH Deployment from ArcMC - Topic and Route Management - Integrating ESM and SOAR - Enabling Single Sign-On - Managing Users in ArcSight - Adding More ArcSight CapabilitiesModule 1: Architecture - Describing the ArcSight Platform and its Architecture - Describing the underlying CDF infrastructure - Identifying the ArcSight Platform Capabilities - Explaining other related components to the Platform - Considerations and Best Practices Module 2: System Requirements - Describing the following: - System Requirements - Host Requirements - DNS requirements - NFS Requirements - ArcSight Database Module 3: YAML Files - Configuring the ArcSight Platform YAML Files Module 4: Installing ArcSight Platform - Pre-installing ArcSight - Installing ArcSight Module 5: Post-Install Activities - Checking the status of the ArcSight Platform Installation - Accessing and exploring the ITOM Management Portal - Running the post-install command to finalize the deployment - Uploading License Files under the ITOM Management Portal - Logging into Fusion for the First Time Module 6: Transformation Hub Management from Fusion ArcMC - Validating a successful integration between Transformation Hub and the new containerized ArcMC available in Fusion - Retrieving the master root certificate Module 7: Producing Events and Transformation Hub Ingestion - Recognizing and describing how events are produced - Describing event formats: classic (CEF) and AVRO - Installing a CEF Producer and AVRO Producer of events - Detailed walkthrough of the configuration steps and all parameters - Sending Test Alerts Replay Events to Transformation Hub - Validating Topics and Transformation Hub Ingestion Module 8: Collectors and CTH Deployment from ArcMC - Defining the difference between a Collector and Connector - Listing the advantages of using Collectors - Describing what’s needed to perform a Collector Deployment using ArcMC - Deploying CTH from ArcMC and route events from th-syslog to other topics Module 9: Topic and Route Management - Managing Topic and Routes - Local vs Global Event Enrichment - Types of Stream Processor Instances in Transformation Hub - Configuring Topics and Routes – Step by Step Example for Global Event Enrichment Module 10: Integrating ESM and SOAR - Configuring the ESM and SOAR Integration - Verifying a Successful Integration Module 11: Enabling Single Sign-On - Configuring the ESM Admin User for Single Sign-on - Enabling Single Sign-on Module 12: Managing Users in ArcSight - Managing ArcSight Users Overview - Managing ESM Users - Managing Fusion Users - Managing SOAR Users - Defining Recon User Permissions and Roles - Defining Intelligence User Permissions and Roles Module 13: Adding More ArcSight Capabilities - Describing the benefits of adding more ArcSight capabilities - Adding more ArcSight capabilities - Specify mandatory filtering on pre-defined fields or user-specified fields - Create lookup values for field attributes - Create and use parameters and parameter groups5 Tage3750.004000.00