ArcSight ESM Advanced Analyst - ASE
This course provides you with the knowledge needed to use advanced ArcSight ESM content to find and correlate event information, and to carry out actions such as notifications to stakeholders, graphical analyses of event data and reporting on security incidents within your security environment. You will become more familiar with the advanced correlation options within ArcSight ESM, which give you an important advantage in detecting active attacks.
This training covers the ArcSight security problem-solving methodology. Advanced ArcSight ESM content is used to find, monitor and fix security incidents. During the training you will learn to use variables and correlate event activities, adjust reporting templates for dynamic content, and adjust notification templates to send the correct notification based on specific characteristics of events.
This course is intended for operators/analysts who:
- define the security objectives of the organisation; and
- generate or use advanced content for event correlation to see if these security objectives are being met.
To be able to attend this training, we recommend that you have completed:
- ArcSight ESM Administrator and Analyst training
And have knowledge of:
- Standard security device functionalities, such as IDS/IPS, Network and Host-based firewalls, etc.
- Standard network device functionalities, such as routers, switches, hubs, etc.
- TCP/IP functionalities, such as CIDR blocks, subnets, addressing, communications, etc.
- Windows operating system tasks, such as installations, services, sharing, navigation, etc.
- Possible attack activities, such as scans, man-in-the-middle, sniffing, DoS, DDoS, etc. and possible abnormal activities such as worms, Trojans, viruses, etc.
- SIEM terminology, such as threat, vulnerability, risk, asset, exposure, safeguards, etc.
- Security responsibilities, such as confidentiality, integrity and availability
Duration: 5 days
As an ArcSight Certified Training Partner in the Benelux, Kahuna employs several certified trainers who regularly provide this training. The training can be provided in both Dutch and English.