Overview

ArcSight Management Center (ArcMC) simplifies policy configuration, deployment maintenance and monitoring tasks. This course provides hands-on techniques needed to centralize device management, user management, and configuration management with ArcMC. Learn integration strategies to reduce daily management of ArcMC, Logger, Event Broker and Connectors products.

Prerequisites

To be successful in this course, you should have the following prerequisites or knowledge:

  • Six months experience administering ArcSight products (Connectors, Connector Appliances, Loggers)
  • Knowledge of:
  • ArcSight SmartConnector, Connector Appliance, Event Broker, ESM and/or Logger operational and administrative concepts
  • Computer desktop and network browser skills
  • TCP/IP networking, file system and database concepts
  • Configuration management, User Management and concepts
  • Enterprise security, event and log management experience is highly advantageous
  • Upgrade Logger and Connectors though ArcMC interface
  • Forward Configuration of ArcMC Audit events

Audience/Job Roles
This course is intended for those who:

  • Administer, configure, maintain, and troubleshoot ArcSight Management Centers, Loggers, Event Broker, and Connectors
  • Manage users roles and entitlements for ArcSight Management Centers, Loggers, Event Broker, and Connectors

Delegates will learn how to

  • Describe the components of an ArcMC environment, how they interoperate, and requirements for centralized management of ArcSight Products.
  • Develop user roles for Loggers and ArcMC: Grant entitlements to these roles and deploy to managed devices
  • Monitor system health status of all ArcMC managed nodes and devices through breach rules and status monitoring
  • Use of initial configurations for rapid Logger deployment
  • Use of subscriber configuration policies to confirm compliance to baselines
  • Set up the Event Broker as a managed node on ArcMC; configure Connectors as EB Producers and Loggers as EB Consumers, plus create topics and Routes for EB
  • Describe and Configure the Global Event ID and Generator ID in all components

Outline

Module 1: Orientation, Architecture, and Navigation

  • Describe problems ArcMC solves
  • Describe where ArcMC fits in ArcSight deployments
  • Identify the differences between the software/appliance form factors
  • Articulate how the product’s UI is organized

Module 2: System Administration

  • Differentiate ArcMC Appliance and Software ArcMC form factor System Admin facilities
  • Locate and configure ArcMC device settings
  • Obtain audit log content
  • Enable ssh access (Appliance only)
  • Upload licenses
  • Perform upgrades

Module 3: Node Management and Agent Installation

  • Describe how ArcMC manages ArcSight Products (ArcMC, Connector Appliances, Loggers, Connectors)
  • Install and configure Connectors
  • Import and export hosts and nodes