Overview

This course provides you with techniques to proactively analyze and troubleshoot the ESM 7.0 Database and Manager to provide efficient services to your organization. This course shows you how to design and deploy hierarchical, fault-tolerant manager implementations as well as integration strategies between ArcSight ESM and other ArcSight appliances such as Logger, Connector Appliance, Command Center and the other ArcSight products.

Prerequisites

To be successful in this course, you should have the following prerequisites or knowledge:

  • Common security devices such as IDS and firewalls
  • Common network device functions, such as routers, switches, and hubs
  • TCP/IP functions such as CIDR blocks, subnets, addressing, and communications
  • Basic Windows operating system tasks and functions
  • Possible attack activities, such as scans, man in the middle, sniffing, DoS, and possible abnormal activities, such as worms, Trojans, and viruses
  • SIEM terminology, such as threat, vulnerability, risk, asset, exposure, and safeguards
  • Completed the ArcSight ESM Administrator and Analyst course, or have at least 6 months' experience administering ArcSight ESM

Delegates will learn how to

Upon successful completion of this course, you should be able to:

  • Review ArcSight enterprise solutions
    • Hierarchical, high availability and fail over capabilities DCC
  • Install multiple SmartConnectors to provide peer to peer and fail over connections
  • Configure a hierarchical multi-manager setup using the ArcSight forwarding connector
  • Configure ArcSight ESM CORRE to:
    • Provide password lock out criteria
    • Allow for larger log files
    • Provide for single session logins
    • Deploy a new ArcSight license
    • Custom Console functionality
    • Categorize specific network events
    • Import assets using the Asset Import FLEX Connector
    • Personalize the ArcSight Web interface
  • Review the Manager and Connector to troubleshoot your ArcSight environment

Audience/Job Roles
This course is intended for Administrators who:

  • Install, maintain, and troubleshoot ESM components
  • Design and implement integrations between ArcSight ESM and other ArcSight appliances
  • Proactively investigate the health of the ESM CORRE environment

Outline

Module 1: Compact & Distributed Correlation Components
Module 2: ESM Architecture
Module 3: Installing ESM Distributed Mode
Module 4: Installing Additional ESM Components (Lab only)
Module 5: Configuring and Running ESM Components (Lab only)
Module 6: Reviewing Command Center
Module 7: Installing the ESM Console
Module 8: Installing SmartConnectors
Module 9: Configuring SmartConnector Destinations
Module 10: SmartConnectors Configurations and Advanced Features
Module 11: Installing the ESM Forwarding Connector
Module 12: Managing the Network Model
Module 13: System Health Checks and Patching
Module 14: Daily Archives
Module 15: ESM Backup and Restore
Module 16: Certificate Management