BEGIN:VCALENDAR VERSION:2.0 PRODID:-//swoogo.com//NONSGML kigkonsult.se iCalcreator 2.41.90// CALSCALE:GREGORIAN UID:36626634-3335-4539-b430-363735626332 BEGIN:VEVENT UID:7ed159e0562d4d44080845da7245b7398b05899a@swoogo.com DTSTAMP:20260411T090241Z DESCRIPTION:Course Description \n\nCreating Advanced ESM Content for Securi ty Use Cases covers ArcSight security problem solving methodology\n\nwithi n the ESM context. In this course\, you will learn advanced techniques to use ArcSight ESM content to find\,\n\ntrack and remediate security inciden ts specifically identified in the course use cases. During the training\, you will\n\nlearn to:\n\n• Use variables and correlation activities\n\n• C ustomize report templates to use dynamic content\n\n• Customize notificati on templates to send the appropriate notification based upon specific attr ibutes of an\n\nevent\n\nAudience/Job Roles\n\nThis course is intended for :\n\n• Defining organization’s security objectives\n\n• Building ArcSight ESM content to adhere to those objectives\n\nCourse Objectives\n\nUpon suc cessful completion of this course\, you should be able to:\n\n• In an ArcS ight ESM context\, define a Use Case\n\n• Use the Use Case worksheet from an initial problem statement\, generate requirement statements and\n\nprio ritize objectives\n\n• Identify data sources and ESM resources required to fulfil the objectives of the use case\n\n• To fulfil use case requirement s\, create identified ESM content\n\n• Construct ArcSight Variables to pro vide advanced analysis of the event stream\n\n• Develop ArcSight Rules to allow advanced correlation activities\n\n• Build event-based data monitors to provide real-time views of event traffic and anomalies\n\n• Implement custom velocity macros for notification\n\n• Package formulated ESM conten ts for the Use Case into ArcSight Resource Bundle\n\nPrerequisites/Recomme nded Skills\n\nTo be successful in this course\, you should have the follo wing prerequisites or knowledge:\n\n• 12 months experience creating ArcSig ht ESM content (recommended)\n\n• Computer desktop\, browser\, and file sy stem navigation skills\n\n• Basic understanding of TCP/IP networking and d atabase concepts\n\n• Enterprise security experience [highly advantageous] Plus\, an understanding of:\n\n▪ Network device functions and capabilitie s\, such as routers\, switches\, etc.\n\n▪ Security device functions and c apabilities\, such as IDS/IPS\, firewalls\, etc.\n\n▪ TCP/IP networking\, file system\, and database concepts\n\n▪ SOC Organizational structure and workflow hierarchy\n\n▪ SIEM terminology\, such as asset\, threat\, vulner ability\, safeguard\, etc.\n\n \n\n \n\n \n\n \n\n \n\n  DTSTART:20200907T070000Z DTEND:20200911T150000Z LAST-MODIFIED:20260411T090241Z LOCATION: SEQUENCE:0 STATUS:CONFIRMED SUMMARY:ESM280-70 ArcSight Creating Advanced ESM Content for Security Use C ases TRANSP:OPAQUE X-ALT-DESC;FMTTYPE=text/html:
\n

Course Description

\n\n

Creating Advanced ESM Conten t for Security Use Cases covers ArcSight security problem solving methodol ogy

\n\n

within the ESM contex t. In this course\, you will learn advanced techniques to use ArcSight ESM content to find\,

\n\n

track and remediate security incidents specifically identified in the course use cases. During the training\, you will

\n\n

learn to:

\n\n

- Use vari ables and correlation activities

\n\n

- Customize report templates to u se dynamic content

\n\n

- Customize notification templates to send the appropriate notification based upon specific attributes of an

\n\n

event

\n\n

Audience/Job Roles

\n\n

This course is intended for:

\n\n

- < span style='font-size:small\;'>Defining organization’s security objectives

\n\n

- Building ArcSight ESM content to adhere to those objectives

\n\n

Course Objectives

\n\n

Upon successful completion of this course\, you should be able to:

\n\n

- In an ArcSight ESM context\, define a Use Case< /span>

\n\n

- Use the Use Case worksheet from an initial problem statement\, generate requirement statements and

\n\n

prioritize objective s

\n\n

- Identify data sources and ESM resources required to fulfil the objectives of the use case

\n\n

- To fulfil use case requirements\, cr eate identified ESM content

\n\n

- Construct ArcSight Variables to prov ide advanced analysis of the event stream

\n\n

- Develop ArcSight Rule s to allow advanced correlation activities

\n\n

- Build event-based dat a monitors to provide real-time views of event traffic and anomalies

\n\n

- Implement custom velocity macros for notification

\n\n

- Package formulated ESM contents for the Use Case into ArcSight Resource Bundle

\n\n

Prerequisites/Recommended Skills

\n\n

To be successful in this course\, you should have the following prerequisites or knowledge:

\n\n

- 12 months experience creating ArcSight ESM content (recommended)

\n\n

- Computer desktop\, b rowser\, and file system navigation skills

\n\n

- Basic understanding o f TCP/IP networking and database concepts

\n\n

- Enterprise security e xperience [highly advantageous] Plus\, an understanding of:

\n\n

Network device function s and capabilities\, such as routers\, switches\, etc.

\n\n

Security device functions and capabiliti es\, such as IDS/IPS\, firewalls\, etc.

\n \n

TCP/IP networking\, file system\, and database concept s

\n\n

SOC Organizational structure and workflow hierarchy

\n\n

S IEM terminology\, such as asset\, threat\, vulnerability\, safeguard\, etc .

\n\n

 

\n\n

 

\n\n

 

\n\n

 

\n\n

 

\n\n

 

\n
BEGIN:VALARM UID:38313564-3266-4237-a333-633436616662 ACTION:DISPLAY DESCRIPTION:Course Description \n\nCreating Advanced ESM Content for Securi ty Use Cases covers ArcSight security problem solving methodology\n\nwithi n the ESM context. In this course\, you will learn advanced techniques to use ArcSight ESM content to find\,\n\ntrack and remediate security inciden ts specifically identified in the course use cases. During the training\, you will\n\nlearn to:\n\n• Use variables and correlation activities\n\n• C ustomize report templates to use dynamic content\n\n• Customize notificati on templates to send the appropriate notification based upon specific attr ibutes of an\n\nevent\n\nAudience/Job Roles\n\nThis course is intended for :\n\n• Defining organization’s security objectives\n\n• Building ArcSight ESM content to adhere to those objectives\n\nCourse Objectives\n\nUpon suc cessful completion of this course\, you should be able to:\n\n• In an ArcS ight ESM context\, define a Use Case\n\n• Use the Use Case worksheet from an initial problem statement\, generate requirement statements and\n\nprio ritize objectives\n\n• Identify data sources and ESM resources required to fulfil the objectives of the use case\n\n• To fulfil use case requirement s\, create identified ESM content\n\n• Construct ArcSight Variables to pro vide advanced analysis of the event stream\n\n• Develop ArcSight Rules to allow advanced correlation activities\n\n• Build event-based data monitors to provide real-time views of event traffic and anomalies\n\n• Implement custom velocity macros for notification\n\n• Package formulated ESM conten ts for the Use Case into ArcSight Resource Bundle\n\nPrerequisites/Recomme nded Skills\n\nTo be successful in this course\, you should have the follo wing prerequisites or knowledge:\n\n• 12 months experience creating ArcSig ht ESM content (recommended)\n\n• Computer desktop\, browser\, and file sy stem navigation skills\n\n• Basic understanding of TCP/IP networking and d atabase concepts\n\n• Enterprise security experience [highly advantageous] Plus\, an understanding of:\n\n▪ Network device functions and capabilitie s\, such as routers\, switches\, etc.\n\n▪ Security device functions and c apabilities\, such as IDS/IPS\, firewalls\, etc.\n\n▪ TCP/IP networking\, file system\, and database concepts\n\n▪ SOC Organizational structure and workflow hierarchy\n\n▪ SIEM terminology\, such as asset\, threat\, vulner ability\, safeguard\, etc.\n\n \n\n \n\n \n\n \n\n \n\n  TRIGGER:-PT30M END:VALARM END:VEVENT END:VCALENDAR