ESM180-Building Security Use Cases with ArcSight ESM7

Monday, September 28, 2020, 9:00 AM - Wednesday, September 30, 2020, 5:00 PM (UTC+02:00) Amsterdam


Course Description

Building Security Use Cases with ArcSight ESM provides you with detailed knowledge of the ArcSight security problem solving methodology, within the ESM context. In this course, you learn the methodologies to develop use cases for current business scenarios, derived from the top business drivers in the market. During the training, you will learn to:

Identify business drivers to develop Use Cases using ArcSight ESM

Identify Use Case problems and requirement statements associated with actual scenarios

Using the Use Case worksheet, document the use case

Develop ArcSight ESM content to accommodate Use Case discrete objectives

Audience/Job Roles

This advanced course is intended for those whose primary responsibilities include:

Defining an organization's security objectives

Building ArcSight ESM content to adhere to those objectives

Course Objectives

Upon successful completion of this course, you should be able to:

In an ArcSight ESM context, define Use Case

Using the Use Case worksheet from an initial problem statement, generate requirement statements and prioritize objectives

Identify data sources and ESM resources required to fulfil the objectives of the use case

Create identified ESM content

Construct ArcSight Active Channels to provide advanced analysis of the event stream

Develop ArcSight Rules to allow correlation activities

Build event-based data monitors to provide real-time viewing of event traffic

Package formulated ESM content for Use Case into ArcSight Resource Bundle

Prerequisites/Recommended Skills

To be successful in this course, you should have the following prerequisites or knowledge:

Common network device functions, such as routers, switches, hubs, etc.

TCP/IP functions, such as CIDR blocks, subnets, addressing, communications, etc.

Windows operating system tasks, such as installations, services, sharing, navigation, etc.

SIEM terminology, such as threat, vulnerability, risk, asset, exposure, safeguards, etc.

Security directives, such as Confidentiality, Integrity, Availability