ESM310 – ArcSight ESM Advanced Administrator with Certification Exam

Target group

This course is intended for Administrators who:

• Install, maintain, and troubleshoot ESM components
• Design and implement integrations between ArcSight ESM and other ArcSight appliances
• Proactively investigate the health of the ESM CORRE environment

Course structure

Module 1: Introduction to ESM Components

• Describe each of the ESM system components

Module 2: New Features

• Describe the new product features introduced in ESM versions 2.x and 7.3.0

Module 3: ESM Distributed Components

• Recognize where ESM fits within the ArcSight Architecture
• Define each ESM operation modes,Compact and Distributed,and the issues ESM Distributed Mode comes to solve
• Describe the ESM Distributed Mode components
• Recognize the ArcSight Data Platform (ADP) and its components

Module 4: Installing ESM Distributed Mode

• Plan System Hardware Requirements
• Check Operating System Pre-Installation
• Install
  • ESM Persistor Node
  • ESM Correlator Aggregator Node
• Configure Integration of the Persistor Node
• Add Correlator Aggregator Services
• Configure
  • Message Bus Data and Control Instances from Persistor
  • Repository Instances from Persistor
  • Distributed Cache on Correlator Aggregators
• Run Cert Admin Approveall
• Start All Cluster Wide Services from Persistor Node

Module 5: Maintaining ESM Properties Files and Upgrades

• Customize ArcSight ESM using Properties File
• Prepare System for an Upgrade
• Upgrade ESM
• Upgrade the ESM Console

Module 6: Installing the ESM Console

• Install the ESM Console
• Customize the ESM Console
• Describe Tools available in the ESM Console

Module 7: Installing SmartConnectors

• Describe how Connectors collect,normalize,and cache events
• Install and configure ArcSight SmartConnectors
• Identify Connector Command Scripts
• Describe how Connectors can be managed from an ESM Console,a Connector Appliance,or ArcSight Management Center

Module 8: Managing the Network Model

• List Network Model resources
• Describe Asset Model resources
• Add the following modelling resources:
  • Assets
  • Asset Ranges
  • Zones
  • Network and attach it to a connector
• Import Zone and Asset information with the Network Model wizard
• Explain the use of the Asset Import Connector

Module 9: Configuring SmartConnector Destinations

• Get SmartConnector Status
• Set SmartConnector Flow-Control
• Use SmartConnector Administrative Dashboards
• Configure SmartConnectors for
  • Failover Destination
  • Dual Destinations

Module 10: Installing the ESM Super and Syslog Connectors

• Install and configure a Forwarding Connector
• Install and configure a Syslog connector

Module 11: SmartConnectors Configurations and Advanced Features

• Configure SmartConnectors using advanced features such as turbo mode,map files,event filtering,network options and event aggregation
• Construct advanced configuration settings for optimal performance and data enrichment

Module 12: Command Center

• Log onto the ArcSight Command Center
• Identify functions and navigate the User Interface
• Use the ArcSight Command Center Help Facility
• Configure
  • Authentication
  • Content
  • Storage
  • Appliances,
• Identify stock content dashboards

Module 13: ESM Backup and Restore

• Restore the ESM Manager’s configurations
• Back up and restore ESM
• Describe CORR-E Daily Job Archiving

Module 14: Certificate Management

• Describe uses of SSL technology in ArcSight ESM
• Describe SSL setup options
  • keytool/keytoolgui
  • certadmin
• Identify the steps to deploy:
  • Self-signed Certificates
  • Approve/revoke distributed mode Certificates
  • CA (Certificate Authority)-signed Certificates