ARC4300i – Installing and Configuring ArcSight Platform

Course code: ARC430

This instructor-led course teaches you how to install and configure ArcSight Platform 23.2 on-premise with the ArcSight Platform Installation program.

Course dates

Start date: On request

Format: Virtual

Duration: 5 days

Language: en

Price excl. VAT: 92 400 Kč

Course description

On completion of this course, participants should be able to:

  • Describe the ArcSight Platform and its Architecture
  • Describe the system requirements
  • Install ArcSight Platform
  • Verify a successful installation
  • Configure ArcSight Platform to ingest events
  • Configure collectors and CTH with ArcMC
  • Configure Topics and Routes
  • Configure ESM and SOAR Integration
  • Manage ArcSight Users
  • Enable Single Sign-On
  • Add features to an existing ArcSight installation

Target audience

This course is designed for Security Professionals and SOC Administrators who are responsible for deploying and administering the ArcSight Platform within their environment.

Course structure

Module 1: Architecture

  • Describing the ArcSight Platform and its Architecture
  • Describing the underlying CDF infrastructure
  • Identifying the ArcSight Platform Capabilities
  • Explaining other related components to the Platform
  • Considerations and Best Practices

Module 2: System Requirements

  • Describing the following:
    o System Requirements
    o Host Requirements
    o DNS requirements
    o NFS Requirements
    o ArcSight Database

Module 3: YAML Files

  • Configuring the ArcSight Platform YAML Files

Module 4: Installing ArcSight Platform

  • Pre-installing ArcSight
  • Installing ArcSight

Module 5: Post-Install Activities

  • Checking the status of the ArcSight Platform Installation
  • Accessing and exploring the ITOM Management Portal
  • Running the post-install command to finalize the deployment
  • Uploading License Files under the ITOM Management Portal
  • Logging into Fusion for the First Time

Module 6: Transformation Hub Management from Fusion ArcMC

  • Validating a successful integration between Transformation Hub and the new containerized ArcMC available in Fusion
  • Retrieving the master root certificate

Module 7: Producing Events and Transformation Hub Ingestion

  • Recognizing and describing how events are produced
  • Describing event formats: classic (CEF) and AVRO
  • Installing a CEF Producer and AVRO Producer of events
  • Detailed walkthrough of the configuration steps and all parameters
  • Sending Test Alerts Replay Events to Transformation Hub
  • Validating Topics and Transformation Hub Ingestion

Module 8: Collectors and CTH Deployment from ArcMC

  • Defining the difference between a Collector and Connector
  • Listing the advantages of using Collectors
  • Describing what’s needed to perform a Collector Deployment using ArcMC
  • Deploying CTH from ArcMC and routing events from th-syslog to other topics

Module 9: Topic and Route Management

  • Managing Topic and Routes
  • Local vs Global Event Enrichment
  • Types of Stream Processor Instances in Transformation Hub
  • Configuring Topics and Routes – Step by Step Example for Global Event Enrichment

Module 10: Integrating ESM and SOAR

  • Configuring the ESM and SOAR Integration
  • Verifying a Successful Integration

Module 11: Enabling Single Sign-On

  • Configuring the ESM Admin User for Single Sign-on
  • Enabling Single Sign-on

Module 12: Managing Users in ArcSight

  • Managing ArcSight Users Overview
  • Managing ESM Users
  • Managing Fusion Users
  • Managing SOAR Users
  • Defining Recon User Permissions and Roles
  • Defining Intelligence User Permissions and Roles

Module 13: Adding More ArcSight Capabilities

  • Describing the benefits of adding more ArcSight capabilities
  • Adding more ArcSight capabilities
  • Specify mandatory filtering on pre-defined fields or user-specified fields
  • Create lookup values for field attributes
  • Create and use parameters and parameter groups

Prerequisites

This course assumes familiarity with command line tools, experience deploying applications in Windows and Linux environments, and computer desktop, browser, and file system navigation skills.
