Course code: LOG215

ArcSight Logger 7.x Search and Reporting

This two-day class teaches how to search events and run reports with ArcSight Logger. It covers a brief overview of ArcSight Logger, searching for events, using the search tools, working with filters and saved searches, designing and generating reports, and designing report dashboards.

Please note that this course is a subset of the Logger Administration and Operations course: it covers only the search and reporting modules of that course.

Course content

1: Introduction to Logger

 Describe the basic features and functions of Logger
 Describe how different Logger models are used
 Explain how Logger processes event data
 Explain what CEF is and how it is used

2: Event Search

 Explain how (at a high level) Logger searches events
 Describe the basic differences between keyword, field-based, regex, and pipeline searches and how each is performed
 Enable peer Loggers for searching
 Use the unified Search page to initiate any type of search
 Use the auto-complete feature to save time during data entry
 Describe how search results are displayed
 Narrow your search interactively using displayed results
 Use wildcards in search queries
 Explain how indexing improves search performance
 Modify field indexing
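As an added illustration of the CEF format named in section 1 and the keyword, field-based and regex search types listed in section 2, the following Python example (written for this page; it is not ArcSight code and does not reproduce Logger's own query syntax) parses a few constructed CEF events and runs the three kinds of match over them. The vendor and product names, event contents, IP addresses and all function names are assumptions made for the example; the escaping rules applied are those of the CEF header (`\|`, `\\`) and extension (`\=`, `\\`, `\n`, `\r`).

```python
import re
from typing import Dict, List

# CEF header layout: CEF:Version|Device Vendor|Device Product|Device Version|
#                    Signature ID|Name|Severity|Extension
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")

# Constructed sample events for this example (not real device output).
# Event 2 has an escaped '|' in the product name; event 1 has an escaped '=' in msg.
SAMPLE_EVENTS = [
    "CEF:0|Acme|Firewall|1.2|100|Connection blocked|5|"
    "src=10.0.0.5 dst=203.0.113.9 dpt=443 act=blocked "
    "msg=Outbound connection to blocked range\\=high-risk",
    "CEF:0|Acme|Firewall|1.2|101|Connection allowed|2|"
    "src=10.0.0.50 dst=198.51.100.20 dpt=80 act=allowed",
    "CEF:0|Acme|Web\\|Proxy|3.0|200|Blocked URL|7|"
    "src=10.0.0.5 request=http://example.invalid/login act=blocked",
]

# A key is a run of word characters followed by '=', at the start or after whitespace.
# An escaped '\=' inside a value never matches because '\' is not a key character.
_KEY_RE = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")


def _split_header(record: str):
    """Return the seven header fields (unescaped) and the remaining extension text."""
    fields: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(record) and len(fields) < 7:
        ch = record[i]
        if ch == "\\" and i + 1 < len(record) and record[i + 1] in "|\\":
            buf.append(record[i + 1])      # '\|' -> '|', '\\' -> '\'
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))    # unescaped '|' ends a header field
            buf = []
        else:
            buf.append(ch)
        i += 1
    if len(fields) < 7:
        raise ValueError("CEF header has fewer than 7 fields")
    return fields, record[i:]


def _unescape_ext(value: str) -> str:
    """Undo extension escaping: '\\=' -> '=', '\\\\' -> '\\', '\\n'/'\\r' -> newline/CR."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _parse_extension(ext: str) -> Dict[str, str]:
    """Parse 'key=value key=value' where values may contain spaces."""
    matches = list(_KEY_RE.finditer(ext))
    out: Dict[str, str] = {}
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        out[m.group(1)] = _unescape_ext(ext[m.end():end].rstrip())
    return out


def parse_cef(record: str) -> Dict[str, object]:
    """Parse one CEF record into header fields, an extension dict and the raw line."""
    header, ext = _split_header(record)
    if not header[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    event: Dict[str, object] = dict(zip(HEADER_FIELDS, header))
    event["version"] = header[0][len("CEF:"):]
    event["extension"] = _parse_extension(ext)
    event["raw"] = record
    return event


def keyword_search(events, term: str):
    """Keyword search: case-insensitive substring match anywhere in the raw event."""
    t = term.lower()
    return [e for e in events if t in e["raw"].lower()]


def field_search(events, field: str, value: str):
    """Field-based search: exact match on one parsed header or extension field."""
    return [e for e in events if e.get(field, e["extension"].get(field)) == value]


def regex_search(events, pattern: str):
    """Regex search: pattern applied to the raw event text."""
    rx = re.compile(pattern)
    return [e for e in events if rx.search(e["raw"])]


if __name__ == "__main__":
    events = [parse_cef(r) for r in SAMPLE_EVENTS]
    # Keyword '10.0.0.5' also hits 10.0.0.50; the field search does not.
    print("keyword :", [e["signature_id"] for e in keyword_search(events, "10.0.0.5")])
    print("field   :", [e["signature_id"] for e in field_search(events, "src", "10.0.0.5")])
    print("regex   :", [e["signature_id"] for e in regex_search(events, r"dpt=(443|8443)\b")])
```

The point the three searches make is the one a Logger user meets in practice: a keyword match is a substring test over the whole event and over-matches (10.0.0.5 also hits 10.0.0.50), a field-based match is exact on a parsed field, and a regex is the most flexible but, like a keyword search, runs over raw text rather than indexed fields.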

3: Search Tools

 Use the Search Builder Tool as the common user interface for creating queries, in any combination with pipeline operators
 Customize and save field sets for customized results displays
 Apply constraints to a search
 Validate performance of a query using Search Analyzer
 Run a search query and analyze results
 Refine and rerun a search with the results display
 Rerun a search at regular intervals using Auto Update
 Describe the function of a static correlation
 Use the Live Event Viewer to display real time raw events

4: Filters, Saved Searches & Scheduled Alerts

 Save a query as a filter or a saved search, and retrieve it later
 Describe the different types of filters used in Logger
 Create, copy, edit, or delete a shared filter
 Create and use search group filters
 Change search parameters using Advanced Search Options
 Search Logger from the ArcSight ESM Console

5: Logger Dashboards

 Describe the types of panels on a Dashboard
 Describe built-in Dashboards
 Create and modify a Dashboard

6: Exploring Logger Reports

 Use Navigation Explorers to locate pre-defined and user created report resources
 Run a report using Run, Quick Run, or Run in Background and describe the differences
 Use time range, device/storage group, and peer Logger constraints when running a report
 Run a report as a scheduled report job
 Publish or Email report results
 Use Report Category Filters (SysAdmin)
 Manage server properties and deploy report bundles

7: Designing Reports

 Copy a report and save a version customized to your needs
 Use the facilities of the Adhoc Report Designer page to modify a report design
 Use the icons in the header of a report display to edit its design
 Copy a report template and save a version customized to your needs
 Edit a report layout to adjust the fonts, colors, and arrangement you want

8: Generating Reports

 Create and edit a report query
 Explain differences between Logger search queries and Logger report queries
 Use the SQL Editor to construct report queries
 Customize query fields with hyperlinks, formatting, and formulas
 Group query fields for reports
 Specify mandatory filtering on pre-defined fields or user specified fields
 Create lookup values for field attributes
 Create and use parameters and parameter groups

9: Using and Designing Report Dashboards

 Modify the default home page for Reports to display a dashboard view
 Design a new report dashboard
 Configure and add Report and External Link widgets
 Change the layout and contents of a report dashboard
 Set preferences and views for report dashboards
 Delete report dashboards and dashboard elements

Prerequisites

  • Basic Logger knowledge or experience
  • Familiarity with common attack activities, such as scans, man-in-the-middle, sniffing, and DoS, and with malicious activity such as worms, Trojans, and viruses
  • SIEM terminology, such as threat, vulnerability, risk, asset, exposure, and safeguards
  • Basic Windows operating systems tasks and functions

Course price

22,000 CZK excl. VAT
26,620 CZK incl. VAT

Course dates

No dates are currently scheduled for this course. Contact us to request a date.

Virtual course

Date Course language Course length
Virtual course English 2 days Register

Alternative date

None of the proposed dates suit you? Contact us to request an alternative date.

