Micro Focus APJ ArcSight ESM 7.0 Advanced Analyst - Virtual Instructor-Led Training 

Course Agenda:

Monday, September 21, 2020 to Friday, September 25, 2020

9:00 AM to 6:00 PM

(India Standard Time)

Course Descriptions:

This course provides you with the knowledge required to use advanced ArcSight ESM 7.0 content to find and correlate event information, perform actions such as notifying stakeholders, graphically analyze event data, and report on security incidents. You will become familiar with, or reinforce your understanding of, the advanced correlation capabilities within ArcSight ESM that provide a significant edge in detecting active attacks.

This course covers the ArcSight security problem-solving methodology, using advanced ESM 7.0 content to find, track and remediate security incidents. During the training, you will use variables and correlation activities, customize report templates for dynamic content, and customize notification templates to send the appropriate notification based upon specific attributes of an event.

Course Targeted Audience:

This course is intended for students to:

  • Define their organization’s security objectives 
  • Build or use advanced content to correlate, view and respond to those security objectives 

Course Objectives:

Upon successful completion of this course, you should be able to:

  • Navigate the ArcSight ESM console and command center to correlate, investigate, analyze and remediate both exposed and obscure threats
  • Construct ArcSight variables to provide advanced analysis of the event stream
  • Develop ArcSight lists and rules to allow advanced correlation activities
  • Optimize event-based data monitors to provide real-time viewing of event traffic and anomalies 
  • Design new report templates and create functional reports 
  • Find events through the search tools 

Course Pre-requisites:

Students are advised to complete all Level 300 series courses and knowledge checks available in SABA via the Micro Focus Partner Portal (https://microfocuspartner.force.com/s/):

  • ArcSight Technical Overview, Level 300
  • ArcSight Data Platform Technical Presentation Training, Level 320
  • ArcSight Data Platform Knowledge Check, Level 320
  • ArcSight Data Platform Demo Training, Level 340
  • ArcSight Data Platform Knowledge Check, Level 340
  • ArcSight ESM Technical Presentation Training, Level 320
  • ArcSight ESM Knowledge Check, Level 320
  • ArcSight ESM Demo Training, Level 340
  • ArcSight ESM Knowledge Check, Level 340

To be successful in this course, you should also have the following knowledge:

  • Common security devices such as IDS and firewalls
  • Common network device functions, such as routers, switches, and hubs
  • TCP/IP functions such as CIDR blocks, subnets, addressing, and communications 
  • Basic Windows operating system tasks and functions 
  • Possible attack activities, such as scans, man in the middle, sniffing, DoS, and possible abnormal activities, such as worms, Trojans, and viruses 
  • SIEM terminology, such as threat, vulnerability, risk, asset, exposure, and safeguards 
  • Completed the ArcSight ESM Administrator and Analyst ATP course or 6 months experience administering ArcSight ESM 

Important Notes:

  • Micro Focus Partner Portal Person Legal ID / SABA ID is required during registration.
  • You must be able to attend and complete the full 5 days of training in order to receive credit in your SABA training record.
  • At the end of the training there is an online exam proctored by the trainer.
  • Registration closes on 7 September 2020, 6pm SG time.

 

For more information, you may contact ellen.lim@microfocus.com.