Skip to navigation (Press Enter)
Skip to search (Press Enter)
Skip to course offerings (Press Enter)
Skip to content (Press Enter)

ESM320-76

Online Training

Duration
5 days

Price

3,750.— € (excl. tax)
4,462.50 € (incl. 19% tax)

Dates and Booking

Request a date

Classroom Training

Duration
5 days

Price

Germany:
3,750.— € (excl. tax)
4,462.50 € (incl. 19% tax)

Dates and Booking

Request a date

Onsite Training

Request onsite training

OpenText

ArcSight-ESM-Advanced Analyst with Certified Expert Exam (ESM320-76) – Outline

Detailed Course Outline

Module 1: ESM Overview

Identify ESM Architecture
Describe the content of the ArcSight Event Schema
List the phases of the ArcSight Event Lifecycle
Describe the event processing and schema population performed during each phase of the event lifecycle
List the resources and tools applicable to specific phases of the event lifecycle

Module 2: Command Center

Access the ArcSight ESM Command Center
Monitor Usage Metrics
View System Metrics
Use the SOC/MITRE Dashboards
Access and use Active Lists
Utilize Field Sets

Module 3: ArcSight Console

Launch the ArcSight Console
Identify toolbar components and their functions
List the different views available in the Viewer panel
Identify three methods to access Console Help
Describe the Reference Resources and their characteristics
Identify ESM Console preference options
Customize your ESM Console

Module 4: Active Channels

Create a new Active Channel
View the details of an event
Identify Dynamic and Static Active Channels

Module 5: Filters

Describe Filter types and usage
Add, edit and save Filters to an Active Channel
Define the Common Conditions Editor

Module 6: Variable Customization

Describe functions available in Variables
Create both Local and Global Variables
Promote Local to Global Variables
Share Global Variables among multiple resources

Module 7: Data Monitors and Dashbords

Identify Data Monitor types and functions
Create a Data Monitor
Access and Use Dashboards
Modify Dashboard Data Monitor Layouts

Module 8: ESM Lists

Describe the differences between Active and Session Lists
Create and validate Active and Session List integration Rules

Module 9: ESM Rules

Create and validate the following:
Rule behavior
Brute Force Login Attempt and Successful rules
Light Weight rules and Pre-Persistent rules

Module 10: Query Viewers Authoring

Define Queries
Describe Query Viewers
Explain the advantages of using Query Viewers
Create the following functions with Query Viewers:
Drilldowns
Baselines
Reports
Dashboard views

Module 11: ESM Reports

List the components in the Report Workflow
List the different types of Reports
Run a Report from the Navigator panel
View an Archive Report from the Navigator panel
Set up a scheduled Report job
Build a custom Report
Build a custom Trend Report

Module 12: Unified Event Search Tools

Describe how keyword, field-based and pipeline searches are performed
Describe how search results are displayed
Use the unified Search page to initiate any type of search
Use Search Helper and Search Builder features to save time constructing search expressions
Load, modify, and save search filters and saved searches
Enable peer ESM and Logger instances for searching