Target group
This course is designed for Security Professionals and SOC Administrators, who are responsible for deploying and administrating the ArcSight Platform within their environment.
Course structure
- Describing the ArcSight Platform and its Architecture
- Describing the underlying CDF infrastructure
- Identifying the ArcSight Platform Capabilities
- Explaining other related components to the Platform
- Considerations and Best Practices
Describe the following:
-
- System Requirements
- Host Requirements
- DNS requirements
- NFS Requirements
- ArcSight Database
- Configuring the ArcSight Platform YAML Files
- Installing ArcSight Platform
- Pre-Install
- Install
- Recognizing and describing how events are produced
- Describing event formats: classic (CEF) and AVRO
- Installing a CEF Producer and AVRO Producer of events
- Detailed walkthrough of the configuration steps and all parameters Sending Test Alerts Replay Events to Transformation Hub Validating Topics and
- Transformation Hub Ingestion
- Defining the difference between a Collector and Connector
- Listing the advantages of using Collectors
- Describing what’s needed to perform a Collector Deployment using ArcMC Deploying CTH from ArcMC and route events from th-syslog to other topics
- Manging Topic and Routes
- Local vs Global Event Enrichment
- Types of Stream Processor Instances in Transformation Hub
- Configuring Topics and Routes – Step by Step Example for Global Event Enrichment
- Configuring the ESM and SOAR Integration Verifying a Successful Integration
- Configuring the ESM Admin User for Single Sign-on Enabling Single Sign-on
- Managing ArcSight Users Overview Managing ESM Users
- Managing Fusion Users
- Managing SOAR Users
- Defining Recon User Permissions and Roles Defining Intelligence User Permissions and Roles
