Course details

ARC4300i – Installing and Configuring ArcSight Platform

EDU Trainings s.r.o.

Course description

This instructor-led course teaches you how to install and configure ArcSight Platform 23.2 on-premises with the ArcSight Platform Installation program. On completion of this course, participants should be able to:

Describe the ArcSight Platform and its Architecture
Describe the system requirements
Install ArcSight Platform
Verify a successful installation
Configure ArcSight Platform to ingest events
Configure collectors and CTH with ArcMC
Configure Topics and Routes
Configure ESM and SOAR Integration
Manage ArcSight Users
Enable Single Sign-On
Add features to an existing ArcSight installation

Course contents

Module 1: Architecture

Describing the ArcSight Platform and its Architecture
Describing the underlying CDF infrastructure
Identifying the ArcSight Platform Capabilities
Explaining other related components to the Platform
Considerations and Best Practices

Module 2: System Requirements

Describing the following:
- System Requirements
- Host Requirements
- DNS Requirements
- NFS Requirements
- ArcSight Database

Module 3: YAML Files

Configuring the ArcSight Platform YAML Files

Module 4: Installing ArcSight Platform

Pre-installing ArcSight
Installing ArcSight

Module 5: Post-Install Activities

Checking the status of the ArcSight Platform Installation
Accessing and exploring the ITOM Management Portal
Running the post-install command to finalize the deployment
Uploading License Files under the ITOM Management Portal
Logging into Fusion for the First Time

Module 6: Transformation Hub Management from Fusion ArcMC

Validating a successful integration between Transformation Hub and the new containerized ArcMC available in Fusion
Retrieving the master root certificate

Module 7: Producing Events and Transformation Hub Ingestion

Recognizing and describing how events are produced
Describing event formats: classic (CEF) and AVRO
Installing a CEF Producer and AVRO Producer of events
Detailed walkthrough of the configuration steps and all parameters
Sending Test Alerts Replay Events to Transformation Hub
Validating Topics and Transformation Hub Ingestion

Module 8: Collectors and CTH Deployment from ArcMC

Defining the difference between a Collector and Connector
Listing the advantages of using Collectors
Describing what’s needed to perform a Collector Deployment using ArcMC
Deploying CTH from ArcMC and routing events from th-syslog to other topics

Module 9: Topic and Route Management

Managing Topic and Routes
Local vs Global Event Enrichment
Types of Stream Processor Instances in Transformation Hub
Configuring Topics and Routes – Step by Step Example for Global Event Enrichment

Module 10: Integrating ESM and SOAR

Configuring the ESM and SOAR Integration
Verifying a Successful Integration

Module 11: Enabling Single Sign-On

Configuring the ESM Admin User for Single Sign-on
Enabling Single Sign-on

Module 12: Managing Users in ArcSight

Managing ArcSight Users Overview
Managing ESM Users
Managing Fusion Users
Managing SOAR Users
Defining Recon User Permissions and Roles
Defining Intelligence User Permissions and Roles

Module 13: Adding More ArcSight Capabilities

Describing the benefits of adding more ArcSight capabilities
Adding more ArcSight capabilities
Specify mandatory filtering on pre-defined fields or user-specified fields
Create lookup values for field attributes
Create and use parameters and parameter groups

Target audience

This course is designed for Security Professionals and SOC Administrators who are responsible for deploying and administering the ArcSight Platform within their environment.

Certificate: On request.