3-7310 – ArcSight Enterprise Security Manager Administration

Cílová skupina

• Design and implement integrations between ArcSight ESM and other ArcSight products
• Proactively investigate the health of the ESM CORRE environment.

Struktura kurzu

Module 1: Introduction to ESM Administration
• Describe each ESM system component

Module 2: ESM Distributed Components
• Recognize where ESM fits within the ArcSight Architecture
• Define each ESM operation modes, Compact and Distributed, and the issues ESM Distributed Mode comes to solve
• Describe the ESM Distributed Mode components
• Recognize the ArcSight Data Platform (ADP) and its components

Module 3: Installing ESM Distributed Mode
• Plan System Hardware Requirements
• Check Operating System Pre-Installation
• Install ESM Persistor Node
• Install ESM Correlator Aggregator Node
• Configure Integration of the Persistor Node
• Add Correlator Aggregator Services
• Configure Message Bus Data and Control Instances from Persistor
• Configure Repository Instances from Persistor
• Configure Distributed Cache on Correlator Aggregators
• Run Cert Admin Approveall
• Start All Cluster Wide Services from Persistor Node

Module 4: Maintaining ESM Properties Files and Upgrades
• Customize ArcSight ESM using Properties File
• Prepare System for an Upgrade
• Upgrade ESM
• Upgrade the ESM Console

Module 5: Installing the ESM Console
• Install the ESM Console
• Customize the ESM Console
• Describe Tools available in the ESM Console

Module 6: Installing SmartConnectors
• Describe how Connectors collect, normalize, and cache events
• Install and configure ArcSight SmartConnectors
• Identify Connector Command Scripts
• Describe how Connectors can be managed from an ESM Console, a Connector Appliance,
or ArcSight Management Center

Module 7: Managing the Network Model
• List Network Model resources
• Describe Asset Model resources
• Add the following modelling resources:
• Assets
• Asset Ranges
• Zones
• Network and attach it to a connector
• Import Zone and Asset information with the Network Model wizard
• Explain the use of the Asset Import Connector

Module 8: Configuring SmartConnector Destinations
• Get SmartConnector Status
• Set SmartConnector Flow-Control
• Use SmartConnector Administrative Dashboards
• Configure SmartConnectors for Failover and Dual Destinations

Module 9: Installing the ESM Super and Syslog Connectors
• Installing and configure a Forwarding Connector
• Installing and configure a Syslog connector

Module 10: SmartConnectors Configurations and Advanced Features
• Configuring SmartConnectors using advanced features such as turbo mode, map files,
event filtering, network options and event aggregation
• Constructing advanced configuration settings for optimal performance and data enrichment

Module 11: Command Center
• Logging onto the ArcSight Command Center
• Identifying functions and navigate the User Interface
• Using the ArcSight Command Center Help Facility
• Configure:
• Authentication
• Content
• Storage
• Appliances
• Identifying stock content dashboards

Module 12: Accessing Administrator Content
• Reviewing Administrator Reports, Dashboards and Filters
• Running and Archiving Reports
• Using Administrator Data Monitors

Module 13: Content Management and Peering
• Peering ESMS
• Performing Peer Searches
• Creating Packages and Pushing content to a Peer

Module 14: ESM User Administration and Notification
• Creating Users and setting User Notifications
• Managing Resource Permissions
• Accessing and Modifying Password Properties
• Configuring ArcSight Notifications

Module 15: ESM Certification Management
• Describing uses of SSL technology in ArcSight ESM
• Describing SSL setup options
• Keytool/keytoolgui
• Certadmin
• Identifying the steps to deploy:
• Self-signed Certificates
• Approve/revoke distributed mode Certificates
• CA (Certificate Authority)-signed Certificates

Module 16: ESM Backup and Restore
• Restoring the ESM Manager’s configurations
• Backing up and restoring ESM
• Describing CORR-E Daily Job Archiving