Course structure
1: Introduction to Logger
Describe the basic features and functions of Logger
Describe how different Logger models are used
Explain how Logger processes event data
Explain what CEF is and how it is used
2: Event Search
Explain how (at a high level) Logger searches events
Describe basic differences of how keyword, field-based, Regex, and pipeline searches are performed
Enable peer Loggers for searching
Use unified Search page to initiate any type of search
Use auto-complete feature to save time during data entry
Describe how search results are displayed
Narrow your search interactively using displayed results
Use wild cards in search queries
Explain how indexing improves search performance
Modify field indexing
3: Search Tools
Use the Search Builder Tool as the common user interface to create any queries, in any combination with pipeline operators
Customize and save field sets for customized results displays
Apply constraints to a search
Validate performance of a query using Search Analyzer
Run a search query and analyze results
Refine and rerun a search with the results display
Rerun a search at regular intervals using Auto Update
Describe the function of a static correlation
Use the Live Event Viewer to display real time raw events
4: Filters, Saves Searches & Scheduled Alerts
Save a query as a filter or a saved search, and retrieve it later
Describe the different types of filters used in Logger
Create, copy, edit, or delete a shared filter
Create and use search group filters
Change search parameters using Advanced Search Options
Search Logger from the ArcSight ESM Console
5: Logger Dashboards
Describe the types of panels on a Dashboard
Describe built-in Dashboards
Create and modify a Dashboard
6: Exploring Logger Reports
Use Navigation Explorers to locate pre-defined and user created report resources
Run a report using Run, Quick Run, or Run in Background and describe the differences
Use time range, device/storage group, and peer loggerconstraints when running a report
Run a report as a scheduled report job
Publish or Email report results
Use Report Category Filters (SysAdmin)
Manage server properties and deploy report bundles
(SysAdmin)
7: Designing Reports
Copy and save a customized report to your needs
Use the facilities of the Adhoc Report Designer page to modify a report design
Use the icons in header of a report display to edit its design
Copy and save a customized report template to your needs
Edit a report layout to adjust the fonts, colors, and
arrangement you want
8: Generating Reports
Create and edit a report query
Explain differences between Logger search queries and Logger report queries
Use the SQL Editor to construct report queries
Customize query fields with hyperlinks, formatting, and formulas
Group query fields for reports
Specify mandatory filtering on pre-defined fields or user specified fields
Create lookup values for field attributes
Create and use parameters and parameter groups
9: Using and Designing Report Dashboards
Modify the default home page for Reports to display a dashboard view
Design a new report dashboard
Configure and add Report and External Link widgets
Change the layout and contents of a report dashboard
Set preferences and views for report dashboards
Delete report dashboards and dashboard elements
