2-7329 – ArcSight Recon Analyst

Course code: OT27329

This course offers a comprehensive, hands-on introduction to ArcSight Recon for security analysts and threat hunters. It focuses on event search and reporting capabilities, hunting threats, and outlier detection.

Highlights:

  • Create search queries using ArcSight schema fields, keywords, field sets, search operators, and hashtags.
  • Use default content reports and dashboards to analyze events of interest, including MITRE ATT&CK content.
  • Create reports and dashboards using data worksheets from scratch.
  • Analyze event data using Recon tools in sample scenarios, such as uncovering ex-employee threats and detecting the Log4j vulnerability.
  • Use Recon tools to analyze historical events and identify undetected threats in a sample unstructured threat-hunting scenario.
  • Build and score the outlier model and explain the outlier analytics charts.

3 500 EUR

4 235 EUR including VAT

The earliest date from 22.06.2026

Do you have a question?
+420 731 175 867 edu@edutrainings.cz

Course dates

Starting date: 22.06.2026

Place: Praha

Type: In-person

Course duration: 4 days

Language: en

Price without VAT: 3 500 EUR

Starting date: 19.10.2026

Place: Praha

Type: In-person

Course duration: 4 days

Language: en

Price without VAT: 3 500 EUR

Starting date: Upon request

Type: In-person/Virtual

Course duration: 4 days

Language: en/cz

Price without VAT: 3 500 EUR

Didn't find a suitable date?

Write to us about listing an alternative tailor-made date.

Course description

As a learner, you will begin by exploring event search and reporting features using Recon’s default content to get familiar with the interface and its core functionalities. As the course progresses, you will engage in hands-on exercises to build more advanced event searches, reports, and dashboards from the ground up.

You will also analyze security events tied to specific use cases, such as detecting threats from former employees, investigating the Log4j vulnerability, and uncovering insider threats related to data exfiltration. By applying your knowledge of Recon, you will examine these scenarios to identify targets, indicators of compromise (IoCs), and potential attackers.

This course is ideal for security analysts who want to enhance their threat detection and investigation capabilities by leveraging ArcSight Recon’s event search, reporting, and dashboarding features to identify anomalies, uncover threats, and support proactive security operations.

Course structure

On completion of this course, participants should be able to:

  • Investigate events using Recon Search tools and Scheduled event searches.
  • Explain the usage of Search resources such as Field Sets, Filters, and Operators.
  • Describe, access, create and use Reports and Dashboards.
  • Describe and use the default Cloud Security Dashboards and Reports.
  • Implement Dashboards with Parabox Charts (also known as parallel box plot charts).
  • Describe and use the default MITRE ATT&CK Dashboards and Reports.
  • Describe Threat Hunting types: unstructured and structured.
  • Create custom Search Queries, Reports and Dashboards to analyze event data using sample scenarios.
  • Define Outliers Models and identify suspicious sources using Recon Analytics charts.

Prerequisites

To be successful in this course, you should have the following prerequisites or knowledge:

  • Familiarity with Boolean logic operators and ArcSight Schema groups and fields.
  • Basic understanding of Command Shell in Windows and Linux, and familiarity with SIEM concepts.
