ArcSight Logger 7.x Search and Reporting V(ILT)

Course code: LOG215

This two-day class covers how to search and run reports with ArcSight Logger. This course covers a brief overview of ArcSight Logger, searching for events, using search tools, working with filters and saved searches, designing and generating reports, and designing report dashboards.

920 EUR

1 113 EUR including VAT

Selection of dates
daniel
Do you have a question?
+420 731 175 867 edu@edutrainings.cz

Professional
and certified lecturers

Internationally
recognized certifications

Wide range of technical
and soft skills courses

Great customer
service

Making courses
exactly to measure your needs

Course dates

Starting date: Individual

Type: Individual

Course duration: 2 days

Language: en

Price without VAT: 920 EUR

Register

Starting
date
Place
Type Course
duration
Language Price without VAT
Individual Individual 2 days en 920 EUR Register
G Guaranteed course

Didn't find a suitable date?

Write to us about listing an alternative tailor-made date.

Contact

Course description

This two-day class covers how to search and run reports with ArcSight Logger. This course covers a brief overview of ArcSight Logger, searching for events, using search tools, working with filters and saved searches, designing and generating reports, and designing report dashboards.

Please note this course is a subset of the Logger Administration and Operations course. This course covers only the search and reporting modules from the Logger Administration and Operations course.

Target group

System analysts who need to search and run reports using arcsight logger

Course structure

1: Introduction to Logger

 Describe the basic features and functions of Logger
 Describe how different Logger models are used
 Explain how Logger processes event data
 Explain what CEF is and how it is used

2: Event Search

 Explain how (at a high level) Logger searches events
 Describe basic differences of how keyword, field-based, Regex, and pipeline searches are performed
 Enable peer Loggers for searching
 Use unified Search page to initiate any type of search
 Use auto-complete feature to save time during data entry
 Describe how search results are displayed
 Narrow your search interactively using displayed results
 Use wild cards in search queries
 Explain how indexing improves search performance
 Modify field indexing

3: Search Tools

 Use the Search Builder Tool as the common user interface to create any queries, in any combination with pipeline operators
 Customize and save field sets for customized results displays
 Apply constraints to a search
 Validate performance of a query using Search Analyzer
 Run a search query and analyze results
 Refine and rerun a search with the results display
 Rerun a search at regular intervals using Auto Update
 Describe the function of a static correlation
 Use the Live Event Viewer to display real time raw events

4: Filters, Saves Searches & Scheduled Alerts

 Save a query as a filter or a saved search, and retrieve it later
 Describe the different types of filters used in Logger
 Create, copy, edit, or delete a shared filter
 Create and use search group filters
 Change search parameters using Advanced Search Options
 Search Logger from the ArcSight ESM Console

5: Logger Dashboards

 Describe the types of panels on a Dashboard
 Describe built-in Dashboards
 Create and modify a Dashboard

6: Exploring Logger Reports

 Use Navigation Explorers to locate pre-defined and user created report resources
 Run a report using Run, Quick Run, or Run in Background and describe the differences
 Use time range, device/storage group, and peer loggerconstraints when running a report
 Run a report as a scheduled report job
 Publish or Email report results
 Use Report Category Filters (SysAdmin)
 Manage server properties and deploy report bundles
(SysAdmin)

7: Designing Reports

 Copy and save a customized report to your needs
 Use the facilities of the Adhoc Report Designer page to modify a report design
 Use the icons in header of a report display to edit its design
 Copy and save a customized report template to your needs
 Edit a report layout to adjust the fonts, colors, and
arrangement you want

8: Generating Reports

 Create and edit a report query
 Explain differences between Logger search queries and Logger report queries
 Use the SQL Editor to construct report queries
 Customize query fields with hyperlinks, formatting, and formulas
 Group query fields for reports
 Specify mandatory filtering on pre-defined fields or user specified fields
 Create lookup values for field attributes
 Create and use parameters and parameter groups

9: Using and Designing Report Dashboards

 Modify the default home page for Reports to display a dashboard view
 Design a new report dashboard
 Configure and add Report and External Link widgets
 Change the layout and contents of a report dashboard
 Set preferences and views for report dashboards
 Delete report dashboards and dashboard elements

Prerequisites

  • Basic Logger knowledge or experience
  • Possible attack activities, such as scans, man in the middle, sniffing, DoS, and possible abnormal activities, such as worms, Trojans, and viruses
  • SIEM terminology, such as threat, vulnerability, risk, asset, exposure, and safeguards
  • Basic Windows operating systems tasks and functions

Do you need advice or a tailor-made course?

daniel

Daniel Šťastný

product support

ComGate payment gateway MasterCard Logo Visa logo