LOG215-ArcSight Logger Search and Reporting
Monday, October 5, 2020, 9:00 AM - Tuesday, October 6, 2020, 5:00 PM (UTC+02:00) Amsterdam
Course Description
This two-day class covers how to search and report with ArcSight Logger. The course begins with a quick overview of Logger and moves into searching for events, using search tools, working with filters and saved searches, and designing and generating reports. The course wraps up with report dashboards.
Please note this course is a subset of the full Logger Administration and Operations course, covering only the search and reporting modules of the full course.
Audience/Job Roles
This course is intended for system analysts who need to search and report using ArcSight Logger.
Course Objectives
Upon successful completion of this course, you should be able to:
• Explain how Logger processes event data
• Enable peer Loggers for searching
• Use the Search Builder tool as the common UI to create any queries, in any combination with pipeline operators
• Save a query as a filter or a saved search, and retrieve it later
• Run a report as a scheduled report job
• Copy and save a customized report template to meet your needs
• Create and edit a report query
• Design a new report dashboard
Prerequisites/Recommended Skills
To be successful in this course, you should have the following prerequisites or knowledge:
• Basic Logger knowledge or experience
• Possible attack activities, such as scans, man in the middle, sniffing, DoS, and possible abnormal activities, such as worms, Trojans, and viruses
• Basic Windows operating system tasks and functions
• SIEM terminology, such as threat, vulnerability, risk, asset, exposure, and safeguards
Recommended:
• Successful completion of Use Case Foundations course or equivalent experience
• Successful completion of Building Advanced Content course or equivalent experience
• Successful completion of Flex Connector Configuration course or equivalent experience
Certification
No certification associated with this course