3-7307 – ArcSight Management Center (ArcMc) Administration

Course structure

Chapter 1: Introduction to Product Features and Architecture

• Describe problems ArcSight Management Center solves
• Recognize the ArcSight Platform architecture
• Describe where ArcMC fits in the ArcSight Platform
• Understand the deployment options for ArcMC functionality: containerized or standalone
  (also known as non-containerized)

Chapter 2. Installing Software ArcMC (Non-Containerized)

• Recognize the requirements for installing Software ArcMC
• Describe the installation steps for Software ArcMC
• Recognize uploading ArcMC licenses and start/stop of ArcMC processes
• Describe how the ArcMC product’s UI is organized
• Log into the ArcMC UI to verify a healthy operational status

Chapter 3: System Administration for ArcMC (Non-Containerized)

• Describe the System Admin Sub-Menu options in the UI interface
• Differentiate ArcMC Appliance and Software ArcMC System Admin capabilities
• Locate and configure software ArcMC device settings
• Define a Password Policy and Login Banner for ArcMC users
• Review and configure Sys Admin settings, including defining a password policy and login
  banner

Chapter 4: Node Management with Fusion ArcMC (Containerized) – ArcMC and Logger Nodes

• Recognize how ArcMC uses Node Management to manage ArcMC (non-containerized) instance and Logger node types
• Describe the Node Management Tasks available in the ArcMC Console
• Understand how to add nodes from a host
• Learn how to import hosts from a CSV file
• Identify, add, and organize ArcSight hosts and nodes using locations
• Describe ArcMC Agent functionality and installation and upgrade steps
• Understand how the initial configuration feature serves as a rapid and uniform setup for multiple ArcSight Loggers
• Create location management entities
• Import software ArcMC and Logger nodes using manual and bulk operations
• Address credential issues, and upgrading, ArcMC agent version

Chapter 5: Node Management – Importing Hosts with Connectors using Core and Software ArcMC Consoles

• Recognize how ArcMC uses Node Management to manage Hosts with Connectors node type.
• Gain experience installing and configuring Connectors
• Learn how to import a host with connectors
• Identify the steps to re-scan a host to bring new Connectors as managed nodes
• Explore how a single host can comprise multiple nodes (connectors) for management purposes
• Describe the Node Management tools to manage connectors, containers, and destinations
  through the ArcMC interface
• Recognize the Health indicators in the ArcMC Monitory Summary dashboard
• Install a connector via SmartConnector wizard
• Describe the steps to import Windows, and Linux hosts with connectors as ArcMC managed
  nodes

Chapter 6: Node Management – Managing Connector Parameters using ArcMC Console

• Recognize how ArcMC uses Node Management to centrally manage Connectors’
  Configuration settings
• Describe the main connector managed components: container, connector configuration and
  destination configuration
• Manage Connector parameters using Core ArcMC Console
• Pull and review audit logs generated connectors via Core ArcMC console
• Describe how Node Management deals with day-to-day operations and fine tuning of Hosts
  with Connector nodes

Chapter 7: Configuration Management

• Describe how ArcMC Configuration Management works
• Identify the differences between Initial configurations and subscriber configurations
• Create various subscriber configurations
• Discuss Best Practices for use of configuration management
• Create configuration templates for managing settings in managed software ArcMC, Logger
  and Connectors
• Create policies to manage several types of receivers in Logger nodes
• Consolidate Filter resources in Logger nodes
• Create mapping file configuration for managed connectors
• Create configuration baselines for managed nodes
• Manage ArcSight Network Model resources such as Networks and Zones settings for managed connectors

Chapter 8. Managing Users on Managed Products

• Describe how user management and role-based access control are applied to managing
  users in an ArcSight Deployment
• Describe the different components that make up User Management
• Run and investigate non-compliant user configurations
• Implement role-based access control RBAC for standalone ArcMCs and Logger devices
• Describe the steps to generate compliance reports to list and validate users/groups/roles
  implemented in managed nodes

Chapter 9: Documenting Capabilities in ArcSight Platform Instance

• Identify the ArcSight Platform capabilities using ITOM and Core Interfaces
• Describe the configuration of ArcSight Platform to enable ArcMC functionality known as
  Core ArcMC
• Articulate how the Core UI is organized
• Describe how to validate the state of ArcSight Platform components (pods) using CLI and
  ITOM Interface
• Document the capabilities deployed in your ArcSight Platform instance
• Identify the versions of Core (Fusion) and Transformation Hub capabilities
• Recognize the dependencies between Fusion, Transformation Hub and ArcMC

Chapter 10: Managing Transformation Hub – Importing Host in Core ArcMC

• Describe the steps to integrate Transformation Hub (TH) and ArcMC
• Describe and configure Producers and Consumers in TH
• Identify the state of TH in the Summary Dashboard
• Import Transformation Hub as a managed node using the Core ArcMC interface
• Manage Connectors with Transformation Hub Destinations
• Identify the steps to configure ESM and Logger as Transformation Hub Consumers

Chapter 11: Managing Transformation Hub – Routing Events Between Topics

• Recognize the configuration properties for topic and routing rules resources
• Describe the steps to create Kafka topics in Transformation Hub via Core ArcMC interface
• Configure Route and Filter of Events Between Topics from Core ArcMC interface
• Describe the steps to set a Logger consumer to pull events from a newly created topic
• Recognize the ArcMC Monitoring Dashboards to validate event routing configuration and
  operation

Chapter 12: Managing Breach Rules and Monitoring Dashboards in ArcMC

• Describe the steps to create breach rules for managed nodes and devices
• Identify the built-in monitoring rules and dashboards
• Recognize ArcMC Monitoring Dashboards to determine node and device health
• Describe the steps to Inspect Audit logs in ArcMC generated by breach rules

Chapter 13: Generator ID Management in ArcMC

• Recognize Global Event ID Design and Features
• Describe the steps to configure ArcMC as a Generator ID Manager
• Recognize how ArcMC assigns Generator IDs to Manage Nodes
• Describe the steps to assign Generator IDs to software ArcMC (non-containerized) and
  Logger processes via ArcMC Generator ID Manager
• Identify the assigned Generator IDs using the Generator ID Manager panel

Chapter 14: ArcMC Product Administration – Application Tools

• Describe the ArcMC tools under the Administration > Application menu: Backup, Restore Snapshot Logger Data Consumption Report
• Describe the steps to perform rapid installation of connectors using ArcMC’s Instant Deployment feature
• Recognize how Audit Events are forwarded by a standalone ArcMC Software instance
• Describe the steps to install and configure a Syslog Connector via Configuration Management Templates
• Identify ArcMC Audit Events in standalone ArcMC Software and Logger Interfaces

Chapter 15: ArcMC Product Administration – Repositories and Node Upgrades

• Recognize how ArcMC repositories are used to upload upgrade or content update files
• Identify the steps to upgrade Logger and standalone ArcMC Software managed nodes
• Perform upgrade of Connectors Framework and parser using ArcSight Update Files
• Describe the steps to perform the remote upgrade of Loggers, Software ArcMC and Connectors via Core (Fusion) ArcMC interface.
• Describe the steps to install, configure and upgrade Syslog Connectors using ArcMC interface