
ArcSight Logger & ESM Hands-On

Overview

OpenText ArcSight Data Platform is a SIEM platform that unifies data collection and log management of machine data for security intelligence. Micro Focus ArcSight Logger is a component of Micro Focus ArcSight Data Platform. In this course you will learn how to perform a successful ArcSight Software Logger installation from scratch, ingest replay events, and create nice dashboards.

((Announcement))

Significant expansion to the course curriculum on 23rd of August 2023

Renamed the course from “Micro Focus ArcSight Logger Hands-On” to “ArcSight Logger & ESM Hands-On” and added the 5 extra sections below:

1) ESM Installation

2) ESM Console Demystified

3) ESM Hands-On

4) ESM Administration

5) ArcSight Theory

The above 5 sections will cover the following lessons:

Import Brute Force package from ArcSight marketplace

Import Sysmon package from ArcSight marketplace

What is SIEM

ArcSight SIEM

ESM Enables Situational Awareness

ESM Anatomy

SmartConnectors

ArcSight Manager & CORR-Engine Storage

User Interfaces & Use Cases

Interactive Discovery & Pattern Discovery

ESM on an Appliance & Logger & ArcSight Solutions

Life Cycle of an Event Through ESM

Data Collection and Event Processing – Collect & Normalize Event Data

Data Collection and Event Processing – Apply Event Categories

Data Collection and Event Processing – Look up Customer and Zone in Network Model

Data Collection and Event Processing – Filter and Aggregate Events & Managing SmartConnector Configurations

Priority Evaluation and Network Model Lookup

Workflow

Correlation Evaluation – Correlation Overview & Filters & Rules

Correlation Evaluation – How Rules are Evaluated & How Rules Use Active & Session Lists

Correlation Evaluation – Data Monitors

Correlation Evaluation – How Correlation Uses Local and Global Variables & Velocity Templates

Correlation Evaluation – Event Types

Fixing Time of Log Source

Forgotten ESM Account Password and Disabled Account
