ArcSight Education

Zertifizierte Classroom Trainings jetzt auch in deutscher Sprache: www.knowledgegap.de

ArcSight ESM Training Tracks

Industry-leading ArcSight Education provides professional training classes to enhance and certify the proficiency of customers and business partners. Training for ArcSight ESM is offered in both instructorled courses and self-paced e-learning formats.

ArcSight Education
For more information about Arcsight Education, visit www.arcsight.com or email traininginfo@arcsight.com.

ArcSight Analyst Track

The ArcSight Education Analyst Track is focused on tasks and responsibilities of operators and analysts within enterprise security organizations. Topics span ArcSight ESM Console navigation and resource utilization, ArcSight ESM customization and content creation, as well as usage of ArcSight tools and best practices.

ArcSight Analyst Track

ArcSight ESM Self-Study Environment for Operators ArcSight Certified Security Analyst (ACSA) Building Use Cases with ArcSight ESM ArcSight Advanced Content Creation

ArcSight Education: ArcSight ESM Training Tracks

ArcSight ESM Training Self-Study for Operators

ArcSight Self-Study Environment for Operators
ArcSight Self-Study Environment for Operators provides comprehensive training for users of ArcSight ESM with exercises specifically intended for SOC operators. Topics and features include:
Comprehensive virtual ArcSight

Event Replay Zones, Filters and Common

Content customization,

development, and testing

Staging and implementing use

ESM SOC environment Complete event database with rich sample data Interactive, hands-on training on the common ESM functionality and procedures Modular format enables users to select the topics and lessons applicable to their jobs Virtual environment allows return to lessons at any time to refresh learning

Condition Editor Dashboards and Datamonitors Report Generation and Report Authoring Cases Management Charts Usage and Authoring ArcSight Web Usage Rules Theory, Authoring and Operation Active Lists Definition Assets Definition and Management Vulnerability Definition Session Correlation

case solutions in the target security environment Utilizing ArcSight ESM Packaging facilities to assemble and distribute use case content This is an advanced workshop with prerequisites.

ArcSight Advanced Content Creation

Coming soon

ArcSight ESM Training Building Use Cases

Building Use Cases in ArcSight ESM
The Building Use Cases in ArcSight ESM training course will provide you with an in-depth emersion into the process and creation of Use Cases within ArcSight ESM. This process offers a consistent methodology for custom content definition and authoring in a business environment.
Duration: 3 days

ArcSight Administrator Track

The ArcSight Administrator Track is intended for individuals responsible for installing, maintaining, upgrading and integrating ArcSight products within a corporate IT infrastructure. Focus is on topics outside of the ArcSight ESM Console such as partition management, report query optimization, GUI customization and Oracle Database Administration. ArcSight Administrator Track
ArcSight ESM Self-Study Environment for Operators ArcSight Certified Integrator/ Administrator (ACIA) ArcSight Advanced Administrator FlexConnector Developers Workshop

ArcSight ESM Training ACSA

ArcSight Certified Security Analyst
ACSA attendees will become intimately familiar with all aspects of ArcSight Console usage as well as demonstrate a basic level of proficiency in ArcSight authoring environments and interfaces.
Duration: 5 days

Topics and features include:

Assessment and definition of Use

Topics and features include:

Console Basics, Preference

Case requirements Identification of qualifying business objectives Incorporating industry or organizational compliance requirements Leveraging ArcSight ESM native resource content and best practices

Settings, Navigator Panel and Resource Tree, Viewer Panel and Inspector Panel

ArcSight Education: ArcSight ESM Training Tracks

ArcSight ESM Training - SelfStudy for Operators

See the course description found in the Analyst Track

ArcSight ESM Training - ACIA

ArcSight Certified Integrator/ Administrator ACIA attendees will be introduced to ArcSight Console administration and installation of the ArcSight Manager, the centralized ArcSight database as well as ArcSight SmartConnectors.
Duration: 4 days

Oracle 10g database infrastructure. A key area of focus will detail integration strategies for ArcSight Logger, Threat Remediation Manager and the Connector Appliance within ArcSight ESM environments.
Duration: 4 days

ArcSight Connector Training FlexConnector

ArcSight FlexConnector Configuration Training
ArcSight FlexConnector Configuration Training will provide participants with an overview of ArcSight Connectors and dependencies within the ArcSight ESM Schema. Attendees will learn to implement FlexConnector configuration files and utilize various parsing methods, leveraging examples from standard connectors.
Duration: 3 days

Topics and features include:

Integration scenarios with ArcSight

Topics and features include:

Administration of Users, Access

Controls and Notifications Administration of Connectors Overview of Multi-Manager Architectures Configuration of SNMP capabilities Installers for Manager, Database and SmartConnectors Basic DBA Skills Basic FlexConnector overview Basic third-party system interfaces overview

ArcSight Advanced Administrator Training

ArcSight Advanced Administrator for ESM
The ArcSight Advanced Administrator for ESM will be trained in the maintenance and optimization of ArcSight ESM and troubleshooting the

Logger, Connector Appliance, and Threat Remediation Manager ArcSight ESM multi-manager architectures for high-performance, high-availability and fail over Authentication credentials for ArcSight ESM environments Assessing and fine tuning ArcSight ESM Manager, Oracle Database Capacities and Event Throughput Using Oracle database tools to determine and optimize Oracles explain plan for ArcSight queries Assess and apply ArcSight best practices for database backup and recovery Customizing ArcSight Case Management and the ArcSight Web Interface Advanced ArcSight Network and Asset modeling

Topics and features include:

SmartConnector architecture and

FlexConnector types Connector installation, schema groupings, and configuration file conventions Parsing methods fixed delimited, regular expressions, database and SNMP Event field and severity mapping FlexConnector Wizard Advanced configuration options such as multi-line REGEX, parser linking and conditional mapping

This is an advanced workshop with prerequisites.

Attendees are expected to have a working knowledge of regular expressions to attend this course.

ArcSight Education: ArcSight Express and Logger Training

ArcSight Express and Logger Training

ArcSight Express InstructorLed Training
ArcSight Express Appliance hosts prepackaged ArcSight ESM components and production environment content for instant-on enterprise event and log management. Participants in ArcSight Express Training establish skills to effectively navigate supporting interfaces, identify and utilize prepackaged content, assess tuning requirements and customize ArcSight Express base configuration to enterprise network environments. Target audience includes IT Operations, System Administrators, System Security, Audit and Business Compliance Practitioners.
Duration: 4 Days Storage Appliance Configuration and Regular Expression and Field-based

User Management Storage Appliance Field-based and RegEx Search Queries Filters, Saved Searches, Report Customization and Authoring Connector Operations and Management

ArcSight Logger InstructorLed Training

ArcSight Logger is an appliancebased product for storing, managing, searching and reporting on enterprise network device log data. ArcSight Logger Training provides attendees a solid orientation of interface, configuration, event routing and query, interim storage and archive management. Hands-on training exercises include common functionality and procedures needed to quickly bring the ArcSight Logger appliance into production within enterprise event log management environments. Intended audience includes team members of security operations, network operations, as well as auditing and compliance disciplines.
Duration: 3 Days

Search Queries Using Filters and Saved Searches Logger Reporting Functions Specifying Report Data Customizing Report Displays Using and Customizing Dashboards Logger Alerts and Notifications Configuration Attribute Import, Export, Backup and Restore Connector Configuration Management

Also available via ArcSight Virtual Classroom

Topics and features include:

ArcSight Express Architectural

About ArcSight:
ArcSight (NASDAQ: ARST) is a leading global provider of compliance and security management solutions that protect enterprises and government agencies. ArcSight helps customers comply with corporate and regulatory policy, safeguard their assets and processes, and control risk. The ArcSight platform collects and correlates user activity and event data across the enterprise so that businesses can rapidly identify, prioritize, and respond to compliance violations, policy breaches, cybersecurity attacks, and insider threats. For more information, visit www. arcsight.com.

Features and Options

ArcSight Event Schema/Network

Modeling
Event Acquisition and Processing

Lifecycle
ArcSight Express User Interfaces Pre-configured Content Overview Manager Active Channels, Field

Sets, Filters, Dashboards, Reports, Workflow Cases, Notifications and Alerts Installing and Navigating the ArcSight Admin Console Network Modeling Wizard User and Group Administration Rules and Lists Use and Modification Notification Administration Storage Appliance User Interface

Topics and features include:

ArcSight Logger Concepts and

Facilities Logger Initialization and Setup Deployment Planning Navigating Logger Functionality Logger Configuration Settings Configuring Event Input and Output Managing User and Group Access

ArcSight, Inc.
5 Results Way, Cupertino, CA 95014, USA www.arcsight.com info@arcsight.com Corporate Headquarters: 1-888-415-ARST EMEA Headquarters: +44 870 351 6510 Asia Pac Headquarters: 852 2166 8302
2009 ArcSight, Inc. All rights reserved. ArcSight and the ArcSight logo are trademarks of ArcSight, Inc. All other product and company names may be trademarks or registered trademarks of their respective owners. ARST-SB002-041609-01