LOG215 – ArcSight Logger Search and Reporting

Course code: LOG215

This two-day class covers how to search and run reports with ArcSight Logger. This course covers a brief overview of ArcSight Logger, searching for events, using search tools, working with filters and saved searches, designing and generating reports, and designing report dashboards.


Course dates

Start date: On request

Format: In-person/Virtual

Course length: 2 days

Language: en/cz

Price excl. VAT: 34 650 Kč

Guaranteed course

Did not find a suitable date?

Write to us to arrange an alternative date tailored to you.

Course description

Please note this course is a subset of the Logger Administration and Operations course. This course covers only the search and reporting modules from the Logger Administration and Operations course.

Target audience

System analysts who need to search and run reports using ArcSight Logger.

Course outline

1: Introduction to Logger

  • Describe the basic features and functions of Logger
  • Describe how different Logger models are used
  • Explain how Logger processes event data
  • Explain what CEF is and how it is used

2: Event Search

  • Explain how (at a high level) Logger searches events
  • Describe the basic differences in how keyword, field-based, Regex, and pipeline searches are performed
  • Enable peer Loggers for searching
  • Use the unified Search page to initiate any type of search
  • Use the auto-complete feature to save time during data entry
  • Describe how search results are displayed
  • Narrow your search interactively using the displayed results
  • Use wildcards in search queries
  • Explain how indexing improves search performance
  • Modify field indexing

3: Search Tools

  • Use the Search Builder Tool as the common user interface to create any query, in any combination with pipeline operators
  • Customize and save field sets for customized results displays
  • Apply constraints to a search
  • Validate the performance of a query using Search Analyzer
  • Run a search query and analyze the results
  • Refine and rerun a search from the results display
  • Rerun a search at regular intervals using Auto Update
  • Describe the function of a static correlation
  • Use the Live Event Viewer to display real-time raw events

4: Filters, Saved Searches & Scheduled Alerts

  • Save a query as a filter or a saved search, and retrieve it later
  • Describe the different types of filters used in Logger
  • Create, copy, edit, or delete a shared filter
  • Create and use search group filters
  • Change search parameters using Advanced Search Options
  • Search Logger from the ArcSight ESM Console

5: Logger Dashboards

  • Describe the types of panels on a Dashboard
  • Describe the built-in Dashboards
  • Create and modify a Dashboard

6: Exploring Logger Reports

  • Use Navigation Explorers to locate pre-defined and user-created report resources
  • Run a report using Run, Quick Run, or Run in Background and describe the differences
  • Use time range, device/storage group, and peer Logger constraints when running a report
  • Run a report as a scheduled report job
  • Publish or email report results
  • Use Report Category Filters (SysAdmin)
  • Manage server properties and deploy report bundles (SysAdmin)

7: Designing Reports

  • Copy and save a customized report to suit your needs
  • Use the facilities of the Adhoc Report Designer page to modify a report design
  • Use the icons in the header of a report display to edit its design
  • Copy and save a customized report template to suit your needs
  • Edit a report layout to adjust the fonts, colors, and arrangement you want

8: Generating Reports

  • Create and edit a report query
  • Explain the differences between Logger search queries and Logger report queries
  • Use the SQL Editor to construct report queries
  • Customize query fields with hyperlinks, formatting, and formulas
  • Group query fields for reports
  • Specify mandatory filtering on pre-defined fields or user-specified fields
  • Create lookup values for field attributes
  • Create and use parameters and parameter groups

9: Using and Designing Report Dashboards

  • Modify the default home page for Reports to display a dashboard view
  • Design a new report dashboard
  • Configure and add Report and External Link widgets
  • Change the layout and contents of a report dashboard
  • Set preferences and views for report dashboards
  • Delete report dashboards and dashboard elements

Prerequisites

  • Basic Logger knowledge or experience
  • Possible attack activities, such as scans, man-in-the-middle, sniffing, and DoS, and possible abnormal activities, such as worms, Trojans, and viruses
  • SIEM terminology, such as threat, vulnerability, risk, asset, exposure, and safeguards
  • Basic Windows operating systems tasks and functions

Need advice or a version of the course tailored to you?
