Arcsight Advance Analyst
Course description
This course provides you with the knowledge required to use advanced HP ArcSight ESM content to find and correlate event information, perform actions such as notifying stakeholders, analyze event data graphically, and report on security incidents within your security environment. You will build or reinforce your understanding of the advanced correlation capabilities within ArcSight ESM that provide a significant edge in detecting active attacks. This course covers HP ArcSight security problem solving methodology using advanced HP ArcSight ESM content to find, track and remediate security incidents. During the training, you will learn to use variables and correlation activities, customize report templates for dynamic content, and customize notification templates to send the appropriate notification based upon specific attributes of an event.
Course ID: 00924322
Course format, typical duration (select one):
• ILT - Instructor Led, 15 days
• SCA - Special Course/Activity, 15 days
• VCR - Virtual Class (Recorded), 15 days
Delivery languages: English
Register for this course.
For information on registering for this course, please visit the HPE Enterprise Security University website by clicking on the link above.
Prerequisites:
• Complete the HP ArcSight ESM Security Analyst (AESA) training
Know:
• Understand common security device functions, such as IDS/IPS, Network and Host-based firewalls, etc.
• Understand common network device functions, such as routers, switches, hubs, etc.
• Understand TCP/IP functions, such as CIDR blocks, subnets, addressing, communications, etc.
• Understand Windows operating system tasks, such as installations, services, sharing, navigation, etc.
• Understand possible attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, etc., and possible abnormal activities, such as worms, Trojans, viruses, etc.
• Understand SIEM terminology, such as threat, vulnerability, risk, asset, exposure, safeguards, etc.
• Understand security directives, such as Confidentiality, Integrity, Availability
Topics
Module 1 – ArcSight Console review
Module 2 – Active Channels and Filters review
Module 3 – Dashboards and Data Monitors Optimization
Module 4 – Variables Customization
Module 5 – ArcSight Lists and Rules
Module 6 – Designing ESM Reports
Module 7 – Query Viewers Authoring
Module 8 – Unified Event Search Tools
Objectives
This course prepares you to:
• Navigate HP ArcSight ESM Console and Command Center to correlate, investigate, analyze, and remediate both exposed and obscure threats
• Construct HP ArcSight Variables to provide advanced analysis of the event stream
• Develop HP ArcSight Lists and Rules to allow advanced correlation activities
• Optimize event-based data monitors to provide real-time viewing of event traffic and anomalies
• Design new report templates and create functional reports
• Find events through the search tools
How to register
Click on this link to register for this course: https://inter.viewcentral.com/events/cust/catalog.aspx?cid=arcsight&event_id=508&pid=1
Policies, fees and cancellations
Course fees may vary and are established and collected by the training center delivering the course. Cancellation fees may apply. Contact your HPE
Authorized Training Partner for their respective policies.
Learning resources that were developed before the Hewlett-Packard Company separation might contain some content and brand elements that have not been updated for Hewlett Packard
Enterprise. Learning resources with the highest usage are updated.
© Copyright 2017 Hewlett Packard Enterprise. The information contained herein is subject to change without notice. The only warranties for HPE products and services are set forth in the express warranty
statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HPE shall not be liable for technical or editorial errors or omissions contained
herein.
Information is as of March 2017, Revision 6