ArcSight ESM Advanced Administrator

ArcSight ESM Advanced AdministratorASEAAMFOpenTextMF-ASEAA1.0On completion of this course, participants should be able to: <ul> <li>Identify the ESM communication strategy used between the various devices and components within an ESM Network</li><li>Define each ESM operation modes and components, Compact and Distributed, and the issues ESM Distributed Mode comes to solve</li><li>Plan, install, and run ESM in Distributed Mode</li><li>Identify functions and navigate the Command Center UI</li><li>Install and customize the ESM console</li><li>Install and configure ArcSight SmartConnectors</li><li>Install and configure a Forwarding Connector</li><li>Import Zone and Asset information with the Network Model wizard</li><li>Customize ArcSight ESM using the properties files</li><li>Describe and install ArcSight upgrades and patches</li><li>Configure and manage storage groups</li><li>Describe CORRE daily job archives</li><li>Recognize how to Back up and restore ESM</li><li>Describe and deploy uses of SSL technology in ArcSight ESM</li></ul>To be successful in this course, you should have the following prerequisites or knowledge: <ul> <li>Knowledge of ESM Concepts</li><li>(Minimum) 6 Months ArcSight Administration Experience</li><li>Database SQL statements experience</li><li>Linux Administration experience</li><li>Successful Completion of ArcSight ESM Administrator & Analyst Course or Equivalent Experience</li></ul>This course is intended for Administrators who: <ul> <li>Install, maintain, and troubleshoot ESM components</li><li>Design and implement integrations between ArcSight ESM and other ArcSight products</li><li>Proactively investigate the health of the ESM CORRE environment</li></ul>Module 1: Introduction to ESM Components <ul> <li>Describe each ESM system component</li></ul>Module 2: ESM Distributed Components <ul> <li>Recognize where ESM fits within the ArcSight Architecture</li><li>Define each ESM operation modes, Compact and Distributed, and the issues ESM Distributed Mode comes to solve</li><li>Describe the ESM Distributed Mode components</li><li>Recognize the ArcSight Data Platform (ADP) and its components</li></ul>Module 3: Installing ESM Distributed Mode <ul> <li>Plan System Hardware Requirements</li><li>Check Operating System Pre-Installation</li><li>Install ESM Persistor Node</li><li>Install ESM Correlator Aggregator Node</li><li>Configure Integration of the Persistor Node</li><li>Add Correlator Aggregator Services</li><li>Configure Message Bus Data and Control Instances from Persistor</li><li>Configure Repository Instances from Persistor</li><li>Configure Distributed Cache on Correlator Aggregators</li><li>Run Cert Admin Approveall</li><li>Start All Cluster Wide Services from Persistor Node</li></ul>Module 4: Maintaining ESM Properties Files and Upgrades <ul> <li>Customize ArcSight ESM using Properties File</li><li>Prepare System for an Upgrade</li><li>Upgrade ESM</li><li>Upgrade the ESM Console</li></ul>Module 5: Installing the ESM Console <ul> <li>Install the ESM Console</li><li>Customize the ESM Console</li><li>Describe Tools available in the ESM Console</li></ul>Module 6: Installing SmartConnectors <ul> <li>Describe how Connectors collect, normalize, and cache events</li><li>Install and configure ArcSight SmartConnectors</li><li>Identify Connector Command Scripts</li><li>Describe how Connectors can be managed from an ESM Console, a Connector Appliance, or ArcSight Management Center</li></ul>Module 7: Managing the Network Model <ul> <li>List Network Model resources</li><li>Describe Asset Model resources</li><li>Add the following modelling resources:</li></ul><ul> <li>Assets</li><li>Asset Ranges</li><li>Zones</li><li>Network and attach it to a connector</li><li>Import Zone and Asset information with the Network Model wizard</li><li>Explain the use of the Asset Import Connector</li></ul>Module 8: Configuring SmartConnector Destinations <ul> <li>Get SmartConnector Status</li><li>Set SmartConnector Flow-Control</li><li>Use SmartConnector Administrative Dashboards</li><li>Configure SmartConnectors for Failover and Dual Destinations</li></ul>Module 9: Installing the ESM Super and Syslog Connectors <ul> <li>Install and configure a Forwarding Connector</li><li>Install and configure a Syslog connector</li></ul>Module 10: SmartConnectors Configurations and Advanced Features <ul> <li>Configure SmartConnectors using advanced features such as turbo mode, map files, event filtering, network options and event aggregation</li><li>Construct advanced configuration settings for optimal performance and data enrichment</li></ul>Module 11: Command Center <ul> <li>Log onto the ArcSight Command Center</li><li>Identify functions and navigate the User Interface</li><li>Use the ArcSight Command Center Help Facility</li><li>Configure:</li></ul><ul> <li>Authentication</li><li>Content</li><li>Storage</li><li>Appliances</li><li>Identify stock content dashboards</li></ul>Module 12: ESM Backup and Restore <ul> <li>Restore the ESM Manager's configurations</li><li>Back up and restore ESM</li><li>Describe CORR-E Daily Job Archiving</li></ul>Module 13: Certificate Management <ul> <li>Describe uses of SSL technology in ArcSight ESM</li><li>Describe SSL setup options</li></ul><ul> <li>keytool/keytoolgui</li><li>certadmin</li><li>Identify the steps to deploy:</li></ul><ul> <li>Self-signed Certificates</li><li>Approve/revoke distributed mode Certificates</li><li>CA (Certificate Authority)-signed Certificates</li></ul>On completion of this course, participants should be able to: - Identify the ESM communication strategy used between the various devices and components within an ESM Network - Define each ESM operation modes and components, Compact and Distributed, and the issues ESM Distributed Mode comes to solve - Plan, install, and run ESM in Distributed Mode - Identify functions and navigate the Command Center UI - Install and customize the ESM console - Install and configure ArcSight SmartConnectors - Install and configure a Forwarding Connector - Import Zone and Asset information with the Network Model wizard - Customize ArcSight ESM using the properties files - Describe and install ArcSight upgrades and patches - Configure and manage storage groups - Describe CORRE daily job archives - Recognize how to Back up and restore ESM - Describe and deploy uses of SSL technology in ArcSight ESMTo be successful in this course, you should have the following prerequisites or knowledge: - Knowledge of ESM Concepts - (Minimum) 6 Months ArcSight Administration Experience - Database SQL statements experience - Linux Administration experience - Successful Completion of ArcSight ESM Administrator & Analyst Course or Equivalent ExperienceThis course is intended for Administrators who: - Install, maintain, and troubleshoot ESM components - Design and implement integrations between ArcSight ESM and other ArcSight products - Proactively investigate the health of the ESM CORRE environmentModule 1: Introduction to ESM Components - Describe each ESM system component Module 2: ESM Distributed Components - Recognize where ESM fits within the ArcSight Architecture - Define each ESM operation modes, Compact and Distributed, and the issues ESM Distributed Mode comes to solve - Describe the ESM Distributed Mode components - Recognize the ArcSight Data Platform (ADP) and its components Module 3: Installing ESM Distributed Mode - Plan System Hardware Requirements - Check Operating System Pre-Installation - Install ESM Persistor Node - Install ESM Correlator Aggregator Node - Configure Integration of the Persistor Node - Add Correlator Aggregator Services - Configure Message Bus Data and Control Instances from Persistor - Configure Repository Instances from Persistor - Configure Distributed Cache on Correlator Aggregators - Run Cert Admin Approveall - Start All Cluster Wide Services from Persistor Node Module 4: Maintaining ESM Properties Files and Upgrades - Customize ArcSight ESM using Properties File - Prepare System for an Upgrade - Upgrade ESM - Upgrade the ESM Console Module 5: Installing the ESM Console - Install the ESM Console - Customize the ESM Console - Describe Tools available in the ESM Console Module 6: Installing SmartConnectors - Describe how Connectors collect, normalize, and cache events - Install and configure ArcSight SmartConnectors - Identify Connector Command Scripts - Describe how Connectors can be managed from an ESM Console, a Connector Appliance, or ArcSight Management Center Module 7: Managing the Network Model - List Network Model resources - Describe Asset Model resources - Add the following modelling resources: - Assets - Asset Ranges - Zones - Network and attach it to a connector - Import Zone and Asset information with the Network Model wizard - Explain the use of the Asset Import Connector Module 8: Configuring SmartConnector Destinations - Get SmartConnector Status - Set SmartConnector Flow-Control - Use SmartConnector Administrative Dashboards - Configure SmartConnectors for Failover and Dual Destinations Module 9: Installing the ESM Super and Syslog Connectors - Install and configure a Forwarding Connector - Install and configure a Syslog connector Module 10: SmartConnectors Configurations and Advanced Features - Configure SmartConnectors using advanced features such as turbo mode, map files, event filtering, network options and event aggregation - Construct advanced configuration settings for optimal performance and data enrichment Module 11: Command Center - Log onto the ArcSight Command Center - Identify functions and navigate the User Interface - Use the ArcSight Command Center Help Facility - Configure: - Authentication - Content - Storage - Appliances - Identify stock content dashboards Module 12: ESM Backup and Restore - Restore the ESM Manager's configurations - Back up and restore ESM - Describe CORR-E Daily Job Archiving Module 13: Certificate Management - Describe uses of SSL technology in ArcSight ESM - Describe SSL setup options - keytool/keytoolgui - certadmin - Identify the steps to deploy: - Self-signed Certificates - Approve/revoke distributed mode Certificates - CA (Certificate Authority)-signed Certificates5 Tage4000.00