ARC4300i – Installing and Configuring ArcSight Platform

Course code: ARC430

This instructor-led course teaches you how to install and configure ArcSight Platform 23.2 on-premise with the ArcSight Platform Installation program.

3 860 EUR

4 671 EUR including VAT


Course dates

Starting date: Upon request

Type: Virtual

Course duration: 5 days

Language: en

Price without VAT: 3 860 EUR



Course description

On completion of this course, participants should be able to:

  • Describe the ArcSight Platform and its Architecture
  • Describe the system requirements
  • Install ArcSight Platform
  • Verify a successful installation
  • Configure ArcSight Platform to ingest events
  • Configure collectors and CTH with ArcMC
  • Configure Topics and Routes
  • Configure ESM and SOAR Integration
  • Manage ArcSight Users
  • Enable Single Sign-On
  • Add features to an existing ArcSight installation

Target group

This course is designed for Security Professionals and SOC Administrators who are responsible for deploying and administering the ArcSight Platform within their environment.

Course structure

Module 1: Architecture

  • Describing the ArcSight Platform and its Architecture
  • Describing the underlying CDF infrastructure
  • Identifying the ArcSight Platform Capabilities
  • Explaining other related components to the Platform
  • Considerations and Best Practices

Module 2: System Requirements

  • Describing the following:
    o System Requirements
    o Host Requirements
    o DNS requirements
    o NFS Requirements
    o ArcSight Database

Module 3: YAML Files

  • Configuring the ArcSight Platform YAML Files

Module 4: Installing ArcSight Platform

  • Pre-installing ArcSight
  • Installing ArcSight

Module 5: Post-Install Activities

  • Checking the status of the ArcSight Platform Installation
  • Accessing and exploring the ITOM Management Portal
  • Running the post-install command to finalize the deployment
  • Uploading License Files under the ITOM Management Portal
  • Logging into Fusion for the First Time

Module 6: Transformation Hub Management from Fusion ArcMC

  • Validating a successful integration between Transformation Hub and the new containerized ArcMC available in Fusion
  • Retrieving the master root certificate

Module 7: Producing Events and Transformation Hub Ingestion

  • Recognizing and describing how events are produced
  • Describing event formats: classic (CEF) and AVRO
  • Installing a CEF Producer and AVRO Producer of events
  • Detailed walkthrough of the configuration steps and all parameters
  • Sending Test Alerts Replay Events to Transformation Hub
  • Validating Topics and Transformation Hub Ingestion

Module 8: Collectors and CTH Deployment from ArcMC

  • Defining the difference between a Collector and Connector
  • Listing the advantages of using Collectors
  • Describing what’s needed to perform a Collector Deployment using ArcMC
  • Deploying CTH from ArcMC and routing events from th-syslog to other topics

Module 9: Topic and Route Management

  • Managing Topic and Routes
  • Local vs Global Event Enrichment
  • Types of Stream Processor Instances in Transformation Hub
  • Configuring Topics and Routes – Step by Step Example for Global Event Enrichment

Module 10: Integrating ESM and SOAR

  • Configuring the ESM and SOAR Integration
  • Verifying a Successful Integration

Module 11: Enabling Single Sign-On

  • Configuring the ESM Admin User for Single Sign-on
  • Enabling Single Sign-on

Module 12: Managing Users in ArcSight

  • Managing ArcSight Users Overview
  • Managing ESM Users
  • Managing Fusion Users
  • Managing SOAR Users
  • Defining Recon User Permissions and Roles
  • Defining Intelligence User Permissions and Roles

Module 13: Adding More ArcSight Capabilities

  • Describing the benefits of adding more ArcSight capabilities
  • Adding more ArcSight capabilities
  • Specifying mandatory filtering on pre-defined fields or user-specified fields
  • Creating lookup values for field attributes
  • Creating and using parameters and parameter groups

Prerequisites

This course assumes familiarity with command-line tools, experience deploying applications in Windows and Linux environments, and computer desktop, browser, and file system navigation skills.
