Course structure
Upon successful completion of this course, you should be able to:
- Make ArcSight ESM operational upon initial installation
- Describe how ESM works in the context of your network
- Create user accounts
- Implement built-in content
- Populate ESM with your network and assets to identify endpoints involved in an event
- Create site-specific business-oriented views
- Investigate, identify, analyze, and remediate exposed security issues
- Use workflow management to provide real-time incident response and escalation tracking
- Modify and run standard reports to provide situational awareness and network status
- Establish ESM peering across multiple ESM instances
- Perform distributed event search and content management